Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

‍ This month's release rollup includes Egnyte's AI-driven document summarization, project dashboard for Android, and Smart Cache file download improvements. Below is an overview of these and other new releases. Visit the linked articles for more details.

The U.S. Securities and Exchange Commission (SEC) announced new regulations for public companies requiring them to disclose a “material cybersecurity incident” via formal report due four business days after a company determines that a cybersecurity incident is material. This is creating a lot of buzz, with companies worried if they will be prepared.

In today's digital landscape, where data breaches and security threats are a constant concern, ensuring least privilege access is of utmost importance for companies operating in the cloud. Granting the principle of least privilege to employees helps minimize the risk of unauthorized access, accidental misuse, and insider threats. However, achieving and maintaining least privilege access can be challenging, often resulting in manual processes, delays, and potential security gaps.

Voice authentication is a biometric security method that verifies individuals based on their unique vocal characteristics. It has become increasingly popular in various applications, ranging from phone banking to smart home devices. However, the rise of deepfake technology poses a significant threat to the integrity of voice authentication systems. Deepfakes are highly realistic artificial audio clips that can be used to impersonate someone else’s voice.

A phishing campaign carried out by the threat actor known as Storm-0978 has been detected by Microsoft. The campaign specifically targeted defense and government entities in Europe and North America. It exploited the CVE-2023-36884 vulnerability through Word documents, enabling a remote code execution vulnerability. Notably, the attackers used lures associated with the Ukrainian World Congress before the vulnerability was disclosed to Microsoft.

Researchers from Carnegie Mellon University and the Center for A.I. Safety have discovered a new prompt injection method to override the guardrails of large language models (LLMs). These guardrails are safety measures designed to prevent AI from generating harmful content. This discovery poses a significant risk to the deployment of LLMs in public-facing applications, as it could potentially allow these models to be used for malicious purposes.

Five worthy reads is a regular column on five noteworthy items we have discovered while researching trending and timeless topics. This week we are exploring the significant role of AI in the field of cybersecurity and why it’s the next biggest thing in cybersecurity.

What happened? The SEC (Securities and Exchange Commission) has introduced new rules that require public companies to be more transparent about their cybersecurity risks and any breaches they experience. This means companies will need to regularly share information about how they're managing cybersecurity risks and any significant cybersecurity incidents they've had. If a company experiences a significant cybersecurity incident, they'll need to report it within four business days.

Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol used on the Internet. It enables networks and organizations to exchange reachability information for blocks of IP addresses (IP prefixes) among each other, thus allowing routers across the Internet to forward traffic to its destination. BGP was designed with the assumption that networks do not intentionally propagate falsified information, but unfortunately that’s not a valid assumption on today’s Internet.

Business email compromise (BEC) continues to be one of the fastest growing and most risky attack vectors for companies, as it has become a multimillion-dollar business that causes almost 80 times more losses than ransomware.