'

Announcing Microsoft’s open automation framework to red team generative AI Systems

Announcing Microsoft’s open automation framework to red team generative AI Systems

Today we are releasing an open automation framework, PyRIT (Python Risk Identification Toolkit for generative AI), to empower security professionals and machine learning engineers to proactively find risks in their generative AI systems. At Microsoft, we believe that security practices and generative AI responsibilities need to be a collaborative effort. We are deeply committed to … Read more

Critical ConnectWise ScreenConnect flaw exploited in the wild: Update

Critical ConnectWise ScreenConnect flaw exploited in the wild: Update

A critical vulnerability patched this week in the ConnectWise ScreenConnect remote desktop software is already being exploited in the wild. Researchers warn that it’s trivial to exploit the flaw, which allows attackers to bypass authentication and gain remote code execution on systems, and proof-of-concept exploits already exist. ScreenConnect is a popular remote support tool with … Read more

Get the most out of Microsoft Copilot for Security with good prompt engineering

Get the most out of Microsoft Copilot for Security with good prompt engineering

The process of writing, refining, and optimizing inputs—or “prompts”—to encourage generative AI systems to create specific, high-quality outputs is called prompt engineering. It helps generative AI models organize better responses to a wide range of queries—from the simple to the highly technical. The basic rule is that good prompts equal good results. Prompt engineering is … Read more

New Cybereason ‘True Cost to Business Study 2024’ Reveals it Still Doesn’t Pay to Pay

New Cybereason ‘True Cost to Business Study 2024’ Reveals it Still Doesn’t Pay to Pay

Cybereason has today announced the results of their third annual ransomware study, commissioned to better understand the true impact of ransomware to businesses. This global study reveals ransomware attacks are becoming more frequent, effective, and sophisticated: 56 percent of organisations surveyed suffered more than one ransomware attack in the last 24 months. It still ‘doesn’t … Read more

New Leak Shows Business Side of China’s APT Menace

New Leak Shows Business Side of China’s APT Menace

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity … Read more

Identity hacking saw sharp rise 2023

Identity hacking saw sharp rise 2023

Threat actors, frequently frustrated by improved enterprise security systems, increased their efforts to compromise credentials in 2023, according to CloudStrike’s 10th annual global threat report released Wednesday. “Threat actors are running into EDR products out there that are making it difficult for them. It’s difficult for them to bring their tools in and use them … Read more

Biden’s maritime cybersecurity actions target China threats

Biden’s maritime cybersecurity actions target China threats

The Biden administration released an ambitious set of initiatives that includes an executive order and a series of other actions to strengthen the cybersecurity of the American marine transportation system (MTS). The administration also wants to pave the way for a revived domestic port crane manufacturing sector to ease US reliance on increasingly distrusted Chinese-made … Read more

Critical infrastructure attacks aren’t all the same: Why it matters to CISOs

Critical infrastructure attacks aren’t all the same: Why it matters to CISOs

Cyberattacks against critical infrastructure are always big news, but recent headlines have once again thrust the threat faced by Western democracies from foreign powers in this domain back onto the agenda of everyday citizens. Most prominently, the director of the US Federal Bureau of Investigation (FBI), Christopher Wray, claimed that  Chinese advanced persistent threat actors … Read more