Network Security News | Ingalls Information Security

Articles of interest from the week of July 17, 2023

Written by John Frasier | Jul 17, 2023 4:00:00 AM

If You Don’t Already Have a Generative AI Security Policy, There’s No Time To Lose

Businesses are finding more and more compelling reasons to use generative AI, which is making the development of security-focused generative AI policies more critical than ever. (CSO)

 

"There is so much opportunity for efficiency, creativity, and growth with the power of AI being accessible to anyone now. While there are many benefits of allowing employees to harness these opportunities, like with any new technology, it’s critically important for organizations to establish comprehensive security measures to manage the associated risks. As AI systems become more prevalent, accessible, and powerful, the risks associated with the potential misuse or malicious applications increase significantly. We’ve already seen reports of sensitive information being disclosed, and the privacy and confidentiality of data will continue to be a concern with the rising use of AI tools. To safeguard against potential threats, businesses and policymakers must prioritize the development and implementation of robust security policies for generative AI.”

Scotlyn Clark, Senior Cybersecurity Consultant at Ingalls Information Security

 

 

Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens

Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory (Azure AD) tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account (MSA) consumer signing key to breach two dozen organizations. (The Hacker News)

 

Phishing Attacks Employing QR Codes Are Capturing User Credentials

Using a new twist to bypass detection from security solutions, cyber-attacks now employ QR codes that your users will not recognize as suspicious. (KnowBe4)

 

Microsoft 'Logging Tax' Hinders Incident Response, Experts Warn

A recent email compromise by Chinese APT group Storm-0558 highlights a lack of access to security logging by many Microsoft 365 license holders, prompting calls from researchers to abolish it. (DarkReading)

 

White House Launches Cybersecurity Implementation Plan

U.S. President Biden’s administration this week released the first iteration of the National Cybersecurity Strategy Implementation Plan, which was announced in March 2023. The plan aims to boost public and private cybersecurity resilience, take the fight to threat actors, beef up the defense of infrastructure and draw a clear national roadmap of cybersecurity responsibilities. (TechRepublic)