Former National Institute of Standards and Technology official Jeremy Grant urged Congress to task NIST with playing a bigger role in developing digital identity standards. (Image: Shutterstock)

Experts Urge Congress to Task NIST With REAL ID Standards

Chris Riotta • December 5, 2023

Security experts testified to Congress that the National Institute of Standards and Technology is better placed than the Transportation Security Administration to lead national implementation efforts for security-enhanced identification cards ahead of a looming 2025 deadline for national compliance.

►

Artificial Intelligence & Machine Learning

SolarWinds Ruling: Why CISOs Need to be Aware of Fraud

Latest

Artificial Intelligence & Machine Learning

How to Jailbreak Machine Learning With Machine Learning

Rashmi Ramesh • December 6, 2023

A small group of researchers says it has identified an automated method for jailbreaking OpenAI, Meta and Google large language models with no obvious fix. Just like the algorithms that researchers can force into giving dangerous or undesirable responses, the technique depends on machine learning.

Next-Generation Technologies & Secure Development

Unlocking the Superpower of DevSecOps

Michael Novinson • December 6, 2023

Enterprises have struggled to strike a balance between speed and security and stability, said Sean D. Mack, author, speaker and former CIO and CISO at Wiley. DevSecOps is the superpower that resolves this long-standing conflict and allows organizations to deliver software faster and more securely.

Legislation & Litigation

Supporting CISA - The 'Focal Point of Our Defensive Efforts'

Steve King • December 6, 2023

On Nov. 8, Tenable Chairman and CEO Amit Yoran wrote a letter to Congress in support of CISA. In this episode of "Cybersecurity Insights," Yoran calls the agency the "primary focal point of our defensive efforts" and discusses why the country needs to stay unified on defeating cyberthreats.

Cyberwarfare / Nation-State Attacks

Russian GRU Hackers Exploit Critical Patched Vulnerabilities

Prajeet Nair • December 5, 2023

A Russian military hacking intelligence group is winning the race to exploit known vulnerabilities before system administrators can apply patches, warns Proofpoint. The firm has seen a spike in activity from TA422, also known as APT28, Fancy Bear and Forest Blizzard.

Incident & Breach Response

23andMe Says Hackers Stole Ancestry Data of 6.9M Users

Mihir Bagwe • December 5, 2023

Genetics testing firm 23andMe says hackers, in a credential-stuffing attack this fall, siphoned the ancestry data of 6.9 million individuals. 23andMe disclosed the attack on Oct. 1, stating the attackers had scraped the profiles of 23andMe users who opted in to the company's DNA Relatives feature.

Artificial Intelligence & Machine Learning

API Flaws Put AI Models at Risk of Data Poisoning

Rashmi Ramesh • December 5, 2023

Security researchers could access and modify an artificial intelligence code generation model developed by Facebook after scanning for API access tokens on AI developer platform Hugging Face and code repository GitHub. Tampering with training data is among the top threats to large language models.

Artificial Intelligence & Machine Learning

TSA Envisions AI-Driven Future of Secure, Streamlined Travel

Chris Riotta • December 5, 2023

The Transportation Security Administration is exploring the possibilities of a future of U.S. travel "underpinned by AI advancements," according to the agency's deputy CIO, with next-generation technologies shaping new verification and threat detection efforts.

API Security

Mapping the Unseen Vulnerabilities of Zombie APIs

Steve King • December 5, 2023

Zombie APIs are becoming more common, just because of the sheer number APIs and third-party vendors that organizations rely on. Joshua Scott, head of information security and IT at API platform Postman, says businesses need to identify "what is critical to the business and map backward."

Critical Infrastructure Security

US CISA: Secure Israeli-Made Technology From Iranian Hackers

Chris Riotta • December 4, 2023

The U.S. Cybersecurity and Infrastructure Security Agency encouraged all organizations that use equipment developed by an Israeli technology company called Unitronics to bolster their cyber posture amid the Israel-Hamas war after an Iranian hacking group attacked a Pennsylvania water municipality.

Governance & Risk Management

Russian GRU Hackers Target Polish Outlook Inboxes

David Perera • December 4, 2023

Russian military intelligence hackers active in Poland are exploiting a patched flaw in Microsoft Outlook, say cyber defenders from Redmond and Warsaw. Microsoft in a Monday post identifies the hackers as Forest Blizzard, also known as APT28 and Fancy Bear.

Governance & Risk Management

Democrat Blocks Biden's NSA Nominee Over Data Controversy

Chris Riotta • December 4, 2023

A senior Democrat on the Senate Intelligence Committee pledged to block Air Force Lt. Gen. Timothy Haugh from serving as director of the National Security Agency until the agency says whether it is purchasing data on U.S. citizens from data brokers, including location data and web browsing history.

Endpoint Security

LogoFAIL Bootup Flaw Puts Hundreds of Devices at Risk

Prajeet Nair • December 4, 2023

Hackers could use a firmware specification designed to flash a corporate logo during computer bootup to deliver a malicious payload that circumvents the industry standard for only loading trusted operating systems. The flaw stems from graphic image parsers embedded into system firmware.