Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In today's digital landscape, where data breaches and security threats are a constant concern, ensuring least privilege access is of utmost importance for companies operating in the cloud. Granting the principle of least privilege to employees helps minimize the risk of unauthorized access, accidental misuse, and insider threats. However, achieving and maintaining least privilege access can be challenging, often resulting in manual processes, delays, and potential security gaps.

Voice authentication is a biometric security method that verifies individuals based on their unique vocal characteristics. It has become increasingly popular in various applications, ranging from phone banking to smart home devices. However, the rise of deepfake technology poses a significant threat to the integrity of voice authentication systems. Deepfakes are highly realistic artificial audio clips that can be used to impersonate someone else’s voice.

A phishing campaign carried out by the threat actor known as Storm-0978 has been detected by Microsoft. The campaign specifically targeted defense and government entities in Europe and North America. It exploited the CVE-2023-36884 vulnerability through Word documents, enabling a remote code execution vulnerability. Notably, the attackers used lures associated with the Ukrainian World Congress before the vulnerability was disclosed to Microsoft.

Researchers from Carnegie Mellon University and the Center for A.I. Safety have discovered a new prompt injection method to override the guardrails of large language models (LLMs). These guardrails are safety measures designed to prevent AI from generating harmful content. This discovery poses a significant risk to the deployment of LLMs in public-facing applications, as it could potentially allow these models to be used for malicious purposes.

Five worthy reads is a regular column on five noteworthy items we have discovered while researching trending and timeless topics. This week we are exploring the significant role of AI in the field of cybersecurity and why it’s the next biggest thing in cybersecurity.

What happened? The SEC (Securities and Exchange Commission) has introduced new rules that require public companies to be more transparent about their cybersecurity risks and any breaches they experience. This means companies will need to regularly share information about how they're managing cybersecurity risks and any significant cybersecurity incidents they've had. If a company experiences a significant cybersecurity incident, they'll need to report it within four business days.

Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol used on the Internet. It enables networks and organizations to exchange reachability information for blocks of IP addresses (IP prefixes) among each other, thus allowing routers across the Internet to forward traffic to its destination. BGP was designed with the assumption that networks do not intentionally propagate falsified information, but unfortunately that’s not a valid assumption on today’s Internet.

Business email compromise (BEC) continues to be one of the fastest growing and most risky attack vectors for companies, as it has become a multimillion-dollar business that causes almost 80 times more losses than ransomware.

Like a multitude of professions, the field of Information Technology (I.T.) is vast and requires specialized experience. There are network infrastructure specialists, risk and compliance analysts, cybersecurity professionals, technical generalists and more. I.T.

WebAssembly, sometimes called Wasm, is a portable, low-level binary code instruction format executed in a web browser’s virtual machine (VM). It enables developers to write high-performance code in various languages and runs alongside JavaScript. Developers are embracing WebAssembly for its ability to accelerate complex algorithms, enable gaming and multimedia applications, and provide a secure sandbox environment for running untrusted code.