A 2FA code, which stands for two-factor authentication code, is a form of Mutli-Factor Authentication (MFA) that requires a generated code as an additional verification factor to a username and password. For example, when logging in to an account, instead of solely entering your credentials, you would also have to provide a second method of verification by entering a code from an authenticator app or one that is sent to your phone.

The US Cybersecurity and Infrastructure Security Agency (CISA) has found that compromise of valid accounts and spear phishing attacks were the two most common vectors of initial access in 2022, Decipher reports. Valid accounts were compromised in 54% of successful attacks. “Valid accounts can be former employee accounts that have not been removed from the active directory or default administrator accounts,” CISA said.

A phishing campaign carried out by the threat actor known as Storm-0978 has been detected by Microsoft. The campaign specifically targeted defense and government entities in Europe and North America. It exploited the CVE-2023-36884 vulnerability through Word documents, enabling a remote code execution vulnerability. Notably, the attackers used lures associated with the Ukrainian World Congress before the vulnerability was disclosed to Microsoft.

Voice authentication is a biometric security method that verifies individuals based on their unique vocal characteristics. It has become increasingly popular in various applications, ranging from phone banking to smart home devices. However, the rise of deepfake technology poses a significant threat to the integrity of voice authentication systems. Deepfakes are highly realistic artificial audio clips that can be used to impersonate someone else’s voice.

Researchers from Carnegie Mellon University and the Center for A.I. Safety have discovered a new prompt injection method to override the guardrails of large language models (LLMs). These guardrails are safety measures designed to prevent AI from generating harmful content. This discovery poses a significant risk to the deployment of LLMs in public-facing applications, as it could potentially allow these models to be used for malicious purposes.

Five worthy reads is a regular column on five noteworthy items we have discovered while researching trending and timeless topics. This week we are exploring the significant role of AI in the field of cybersecurity and why it’s the next biggest thing in cybersecurity.

An effective third-party risk management (TRPM) program allows organizations to assess potential vulnerabilities and mitigate security risks across their entire ecosystem of vendors and suppliers. If your organization is expanding its third-party ecosystem by relying on partnerships to execute core operations, creating an effective TPRM plan is critical to regulating data risks across your growing attack surface.

GRC programs are often viewed as cost centers. But, they can in fact be profit drivers by contributing to sales acceleration, cost and time savings, and risk reduction. The real question is, how can you prove that to the board? TrustCloud teamed up with ISSA to discuss.

The Virginia Consumer Data Protection Act (VCDPA) was the second comprehensive consumer privacy law passed in the United States. The act followed the California Consumer Privacy Act (CCPA) and took effect on January 1, 2023. Commercial organizations that conduct business in Virginia and process consumer data will be the most affected by the VCDPA. Learn how UpGuard’s comprehensive cybersecurity solution can help your business remain compliant>

Scareware is a type of social engineering cyberattack that uses psychological manipulation to trick victims into downloading malware disguised as antivirus software. Cybercriminals trick users with frightening, urgent messages in pop-ups or emails which claim their computer is infected. Continue reading to learn how scareware attacks work, how to avoid falling victim to them and how to remove scareware from your devices.