Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A phishing campaign carried out by the threat actor known as Storm-0978 has been detected by Microsoft. The campaign specifically targeted defense and government entities in Europe and North America. It exploited the CVE-2023-36884 vulnerability through Word documents, enabling a remote code execution vulnerability. Notably, the attackers used lures associated with the Ukrainian World Congress before the vulnerability was disclosed to Microsoft.

Researchers from Carnegie Mellon University and the Center for A.I. Safety have discovered a new prompt injection method to override the guardrails of large language models (LLMs). These guardrails are safety measures designed to prevent AI from generating harmful content. This discovery poses a significant risk to the deployment of LLMs in public-facing applications, as it could potentially allow these models to be used for malicious purposes.

Five worthy reads is a regular column on five noteworthy items we have discovered while researching trending and timeless topics. This week we are exploring the significant role of AI in the field of cybersecurity and why it’s the next biggest thing in cybersecurity.

What happened? The SEC (Securities and Exchange Commission) has introduced new rules that require public companies to be more transparent about their cybersecurity risks and any breaches they experience. This means companies will need to regularly share information about how they're managing cybersecurity risks and any significant cybersecurity incidents they've had. If a company experiences a significant cybersecurity incident, they'll need to report it within four business days.

Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol used on the Internet. It enables networks and organizations to exchange reachability information for blocks of IP addresses (IP prefixes) among each other, thus allowing routers across the Internet to forward traffic to its destination. BGP was designed with the assumption that networks do not intentionally propagate falsified information, but unfortunately that’s not a valid assumption on today’s Internet.

Business email compromise (BEC) continues to be one of the fastest growing and most risky attack vectors for companies, as it has become a multimillion-dollar business that causes almost 80 times more losses than ransomware.

Like a multitude of professions, the field of Information Technology (I.T.) is vast and requires specialized experience. There are network infrastructure specialists, risk and compliance analysts, cybersecurity professionals, technical generalists and more. I.T.

WebAssembly, sometimes called Wasm, is a portable, low-level binary code instruction format executed in a web browser’s virtual machine (VM). It enables developers to write high-performance code in various languages and runs alongside JavaScript. Developers are embracing WebAssembly for its ability to accelerate complex algorithms, enable gaming and multimedia applications, and provide a secure sandbox environment for running untrusted code.

An effective third-party risk management (TRPM) program allows organizations to assess potential vulnerabilities and mitigate security risks across their entire ecosystem of vendors and suppliers. If your organization is expanding its third-party ecosystem by relying on partnerships to execute core operations, creating an effective TPRM plan is critical to regulating data risks across your growing attack surface.

The Virginia Consumer Data Protection Act (VCDPA) was the second comprehensive consumer privacy law passed in the United States. The act followed the California Consumer Privacy Act (CCPA) and took effect on January 1, 2023. Commercial organizations that conduct business in Virginia and process consumer data will be the most affected by the VCDPA. Learn how UpGuard’s comprehensive cybersecurity solution can help your business remain compliant>