From chatbots like ChatGPT to the large language models (LLMs) that power them, managing and mitigating potential AI vulnerabilities is an increasingly important aspect of effective cybersecurity. Kroll’s new AI insights hub explores some of the key AI security challenges informed by our expertise in helping businesses of all sizes, in a wide range of sectors. Some of the topics covered on the Kroll AI insights hub are outlined below.

The recent attack on Snowflake accounts underscores a critical lesson for all cloud users: securely managing identities and access is paramount under the shared responsibility model. As more organizations leverage cloud services, it’s essential to understand that security is a collaborative effort between the service provider and the customer.

The SSO tax is the unofficial name for the practice of software vendors significantly upcharging their customers for Single Sign-On, usually by making it part of an enterprise tier.

Managing vulnerabilities can feel like the end of the first act of Les Misérables as you sing to yourself, “one day more, another day another vulnerability.” Like Jean Valjean, you attempt to put up barricades to protect your environment from attackers exploiting these security weaknesses. Keeping pace with the number of vulnerabilities and threat actor activities becomes overwhelming, leaving you to feel outnumbered and outmanned.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! WordPress is often an easy target from lack coding, but in this case a curious injection at source. But how?

It seems like every other day there is a public announcement of a compromise involving unauthorised access to Microsoft 365. Privately, my security consultancy team are called in more often than we would like to deconstruct a compromise and determine if a notifiable data breach has occurred.

A critical exploit just hit the scene, targeting cdn.polyfill.io, a popular domain for polyfills. Over 110,000 websites have been compromised by this attack, embedding malware into JavaScript assets. But don’t worry, we’ve got your back.

Increasing your online customer base might seem beneficial, but is it always advantageous for your business? Our guide aims to help you identify and understand customers who might pose long-term challenges, commonly referred to as high-risk customers. Financial institutions, such as banks, must adhere to regulations that require thorough customer screening to prevent fraud and money laundering.

On April 23, 2024, the Federal Trade Commission (FTC) issued a ruling that banned the use and enforcement of non-compete agreements across the United States. With this ruling, enterprises that relied on these agreements to help preserve their competitive advantage must adapt their strategy for protecting proprietary information when an employee departs. Read on for a breakdown of the ruling, what strategies remain open for dealing with this risk, and how security teams can help their organization adapt.

While reviewing common TTPs in malware campaigns used last year Outpost24’s Cyber Threat Intelligence team, KrakenLabs, came across several reports and articles describing a novel infection technique being used to distribute various types of malware not necessarily related to each other. For example, this article analyzing Amadey and this one talking about Redline.