On April 3, NIST published practical incident response guidance aligned with its CSF 2.0 framework. The guidance outlines best practices in security incident preparation and response for organizations mapped across each of...
Earlier this month, Secretary of the Department of Homeland Security (DHS) Kristi Noem announced plans to disband the Critical Infrastructure Partnership Advisory Council (CIPAC). First created in 2006, CIPAC is a...
AI-enabled technology enhances threat actors’ ability to engage in advanced and difficult-to-detect forms of social engineering to deceive employees and circumvent companies’ security controls. Companies may consider new...
The Cybersecurity and Infrastructure Security Agency (CISA) unveiled new cyber performance goals aimed at addressing risks to software development and product design in the IT sector.
Last week, the Cybersecurity and...
The “Bad Likert Judge” jailbreaking technique boasts a high attack success rate by using a three-step approach which employs the target LLM’s own understanding of harmful content to bypass the target LLM’s safety guardrails....
A recent attack by Chinese hacking group “Salt Typhoon” hit major U.S. telecommunications providers and exposed Americans’ call record metadata. Following this attack, the FCC and other agencies have taken steps to help...
A new study finds that a majority of employees may sidestep their company’s security policies to be more productive, including policies related to workplace AI. It may come as little surprise that employees try to find ways...
Five individuals who are alleged to be members of the Scattered Spider cybercrime group have been charged with multiple crimes after a federal investigation into advanced social engineering attacks that targeted at least...
On November 6, 2024, the Transportation Security Administration (TSA) published a Notice of Proposed Rulemaking (NPRM) that would mandate cyber risk management and reporting requirements for certain surface transportation...
Model inversion and membership inference attacks create unique risks to organizations that are allowing artificial intelligences to be trained using their data. Companies may wish to begin to evaluate ways to mitigate risks...
A cybersecurity attack targeted cryptocurrency developers by uploading malicious packages to open-source website npm with names similar to libraries used in cryptocurrency work....
The New York State Department of Financial Services (“NYDFS”) has urged organizations to exercise caution when hiring remote employees due to an increase in individuals located in the Democratic People’s Republic of Korea...
NIST’s “quick-start guide” is designed to assist acquirers as they evaluate the various risks across their network of suppliers, focusing on supply chain tiers, foreign ownership, control or influence (FOCI), provenance,...
The shared Safe Software Deployment guidance calls on software manufacturers to implement safe software development programs supported by verified processes including robust testing, rollout, and feedback loops....
Backup authentication methods create a vulnerability in passkey protection to adversary-in-the-middle attacks. Security protections from passkey authentication can still potentially be subverted by attackers....
New and old attack vectors analyzed by RAND in their report on securing AI weights from theft. A new report published by RAND highlights the importance of securing the learnable parameters, or weights, of AI models to...
Victims of LockBit ransomware attacks can reach out to the FBI for decryption keys and all companies can prepare against ransomware attacks. The FBI secured 7,000 LockBit decryption keys, providing victims of LockBit...
DHS advises safeguards to protect AIs and to protect critical infrastructure from AI-powered attacks.
In continuing its work under the Biden Administration’s Executive Order 14110, “Safe, Secure, and Trustworthy...
U.S. State Department announces international diplomacy strategy to promote digital solidarity. Recognizing emerging technologies and cyber threats as an inflection point for U.S. competition with geopolitical rivals, the...
Companies should review their resiliency, vendors, suppliers, and plans for partnering with the FBI in case of a cyber event, says FBI. The People’s Republic of China (PRC) is positioning itself to “physically wreak havoc on...
Joint guidance from the “Five Eyes” cybersecurity agencies provides best practices on securely deploying and operating AI systems. New guidance by the U.S. National Security Agency’s Artificial Intelligence Security Center,...
CL0P is adopting “quadruple extortion” tactics. If your organization has received a ransomware demand, CL0P may be a familiar name. In 2023, CL0P was the third most prolific ransomware gang, after LockBit and ALPHV....
California continues as the frontrunner of U.S. AI regulatory developments. Following the Governor’s executive order on Generative AI (GenAI) published last year, California state agencies have worked to implement its...
The California Privacy Protection Agency recently released updated draft regulations regarding cybersecurity audits under the California Consumer Privacy Act.
On November 8, 2023, the California Privacy Protection Agency...
Russia-linked threat actor Fancy Bear is conducting a wave of phishing campaigns impersonating entities across Europe, Americas, and Asia, focusing on Ukraine-related targets....