Weekly Cybersecurity News Roundup: AI Regulation, Layoffs, US Aerospace Attacks and Post-Quantum Encryption
This week, significant cybersecurity news stories have emerged, some of which may have flown under the radar. Here’s what you need to know:
AI Regulation Still a Long Way Off
While regulations on artificial intelligence (AI) seemed to be progressing in the EU, the European People’s Party’s apparent desire to change the rules has slowed progress considerably. Since the rules involve remote biometric identification, the problem appears to be in the details. Meanwhile, Congress in the US is just starting to explore possible regulation of the technology, with an open question of whether GPT-speak should be protected under the First Amendment.
Recommendations on Securing US Critical Infrastructure Released
The Cyberspace Solarium Commission has released a report deeming the current system used to designate critical sectors as inadequate. In the report, CSC evaluates the state of the public-private sector relationship, underlines flaws in policy implementation, and provides recommendations on how to change it to improve national security.
OT Security Firms Update Their Platforms
Industrial cybersecurity firm Dragos and SentinelOne have announced layoffs that affected 9% and 5% of their workforce, respectively, after missing their Q1 targets. Meanwhile, OT security firms Radiflow and Network Perception have announced significant product updates. Radiflow has updated its CIARA platform to version 4.0, while Network Perception has launched version 4.2 of its NP-View OT network security solution.
OWASP Publishes Top 10 List for LLM Applications
The Open Web Application Security Project has published a Top 10 list of security risks associated with large language model (LLM) applications. The vulnerabilities include prompt injections, data leakage, inadequate sandboxing, and unauthorized code execution.
US Aerospace Industry Targeted with PowerDrop Malware Attacks
The US aerospace industry fell victim to suspected nation-state attacks using the PowerShell script PowerDrop. The malware, a remote access trojan built from PowerShell and WMI, allows attackers to execute commands remotely on the victims’ networks.
QuSecure Receives US Army Contract for Post-Quantum Encryption
The US Army has allocated up to $2 million to post-quantum encryption provider QuSecure for use in tactical edge and tactical IoT devices, which can be used for battle-ready deployment. QuSecure provides a quantum secure channel that features built-in crypto agility.
SDK for Quantum Software Released by Australian Firm
Quantum Brilliance, an Australian firm, has announced the full release of its Qristal SDK, which is designed for miniaturized, room-temperature, and portable quantum computing products.
Editorial – Importance of Application Security in Cybersecurity Landscape
With the ever-increasing dependence on technology and the rise in cyber threats, organizations that fail to prioritize security may suffer greatly. Application security, in particular, is of utmost importance in today’s cybersecurity landscape.
Despite being crucial, app security tends to be overlooked by many companies. It is often considered an afterthought, leading to insecure apps. Insecure apps are vulnerable to attacks, which might compromise the security of the entire organization and put sensitive data at risk.
To prevent this from happening, organizations need to make application security a priority. They should ensure that their developers are trained in secure coding practices and conduct regular security assessments of their apps. By doing so, they will not only protect their organization from potential attacks, but also improve their reputation and customer trust.
Advice on Cybersecurity
In today’s world, cybersecurity is more critical than ever. With cybercriminals getting smarter by the day, companies and individuals must remain vigilant. To stay safe, here are some tips:
1. Regularly Update Software and Hardware
Attackers take advantage of vulnerabilities in outdated software and hardware to launch attacks. To reduce the risk of such attacks, organizations and individuals need to keep their software and hardware up to date.
2. Use Strong Passwords
Strong passwords, which are long and complex, can be challenging to crack. For this reason, individuals and organizations should use strong passwords across all online accounts. Passwords should be changed regularly, and two-factor authentication should be used when available.
3. Conduct Regular Security Assessments
Regular security assessments can help identify vulnerabilities and reduce the risk of attacks on applications, networks, and systems. Organizations can conduct these assessments themselves or engage third-party providers.
By following these simple steps, individuals and organizations can reduce their risk of falling victim to cyber attacks.