Subscribe to NetSec News
Articles of interest from the week of August 12, 2019
Next Generation Cyber: Malware-Free Attacks While the majority of the traditional cybersecurity solutions are focused on stopping malware, the threat...
1 min read
If You Don’t Already Have a Generative AI Security Policy, There’s No Time To Lose
Businesses are finding more and more compelling reasons to use generative AI, which is making the development of security-focused generative AI policies more critical than ever. (CSO)
 |
| "There is so much opportunity for efficiency, creativity, and growth with the power of AI being accessible to anyone now. While there are many benefits of allowing employees to harness these opportunities, like with any new technology, it’s critically important for organizations to establish comprehensive security measures to manage the associated risks. As AI systems become more prevalent, accessible, and powerful, the risks associated with the potential misuse or malicious applications increase significantly. We’ve already seen reports of sensitive information being disclosed, and the privacy and confidentiality of data will continue to be a concern with the rising use of AI tools. To safeguard against potential threats, businesses and policymakers must prioritize the development and implementation of robust security policies for generative AI.” – Scotlyn Clark, Senior Cybersecurity Consultant at Ingalls Information Security |
Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens
Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory (Azure AD) tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account (MSA) consumer signing key to breach two dozen organizations. (The Hacker News)
Phishing Attacks Employing QR Codes Are Capturing User Credentials
Using a new twist to bypass detection from security solutions, cyber-attacks now employ QR codes that your users will not recognize as suspicious. (KnowBe4)
Microsoft 'Logging Tax' Hinders Incident Response, Experts Warn
A recent email compromise by Chinese APT group Storm-0558 highlights a lack of access to security logging by many Microsoft 365 license holders, prompting calls from researchers to abolish it. (DarkReading)
White House Launches Cybersecurity Implementation Plan
U.S. President Biden’s administration this week released the first iteration of the National Cybersecurity Strategy Implementation Plan, which was announced in March 2023. The plan aims to boost public and private cybersecurity resilience, take the fight to threat actors, beef up the defense of infrastructure and draw a clear national roadmap of cybersecurity responsibilities. (TechRepublic)
Articles of interest from the week of March 27, 2023
Hackers Steal Over $1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw Bitcoin ATM maker General Bytes disclosed that...
Articles of interest from the week of February 27, 2023
Users Looking for ChatGPT Apps Get Malware Instead The massive popularity of OpenAI’s chatbot ChatGPT has not gone unnoticed by cybercriminals: they...