According to security researchers at IBM, generative AI tools can save phishing actors 16 hours of work designing a scam email but still can’t match a human.  The researchers noted that with only five simple prompts, they were able to trick a generative AI model to develop highly convincing phishing emails in just 5 minutes.  Among the prompts were the top areas of concern for employees working in specific industries; social engineering and marketing techniques that should be used; and the people/company that should be impersonated.

Muaho Chen, a new assistant professor in the Department of Computer Science at the University of California, Davis, will study jailbreaking attacks and other security problems associated with Large Language Models (LLMs) such as ChatGPT. As the development of LLMs and intelligent applications rises, Chen emphasizes that it is crucial to understand how LLM attacks can occur, as well as other dangerous behaviors such as generating hate speech. As their use increases, so does the sensitivity of shared information.

The National Security Agency (NSA)'s Cybersecurity Collaboration Center (CCC) has posted the latest installment of its Cybersecurity Speaker Series, which focuses on the D3FEND cybersecurity framework. Bailey Bickley, Chief of DIB Defense at the CCC, sat down with Eric Chudow, NSA's Technical Advisor for Cybersecurity Publications, and Peter Kaloroumakis, MITRE's D3FEND Lead, to discuss the development, release, and adoption of D3FEND and how it can be used as a reference for architecting, designing, and defending networks.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a new resource guide titled "Empowering Small and Medium-Sized Businesses (SMB): A Resource Guide for Developing a Resilient Supply Chain Risk Management Plan." It aims to help Information and Communications Technology (ICT) SMBs develop and tailor a Supply Chain Risk Management (SCRM) plan that meets their business needs. In regard to the costs and complexity of SCRM, SMBs oftentimes lack the dedicated risk management and SCRM knowledge necessary to mitigate the risk of supply chain disruption.

The US Securities and Exchange Commission (SEC) has recently adopted rules requiring public companies to disclose cybersecurity incidents within four business days. After determining that an incident is material, the company has four business days to disclose it using the new Form 8-K Item 1.05. According to an SEC press release, the company must describe the material parts of the nature, timing, and scope of the incident, as well as its effects. The impact of the rules on companies, their management, boards of directors, and cybersecurity are of much discussion.

Quasar RAT, also known as CinaRAT or Yggdrasil, is an open-source Remote Access Trojan (RAT) that has been using DLL side-loading to avoid detection and stealthily steal data from compromised Windows hosts. According to researchers at Uptycs, this technique exploits the inherent trust that these files command within the Windows environment. They detailed the malware's reliance on ctfmon.exe and calc.exe in the attack chain. Quasar RAT is a C#-based remote administration tool.

The US energy services company BHI Energy has detailed how the Akira ransomware operation breached its network and stole data. BHI Energy is an engineering services and staffing solutions provider that supports private and government-operated oil and gas, nuclear, wind, solar, and fossil power generation units, as well as electricity transmission and distribution facilities. In a data breach notification sent to affected people by BHI Energy, the company describes in detail how the Akira ransomware group breached its network on May 30, 2023.

The FBI and Department of Justice (DoJ) have recently announced that thousands of information technology workers contracting with U.S. companies have for years secretly sent millions of dollars of their wages to North Korea for use in its ballistic missile program.  The DoJ noted that IT workers dispatched and contracted by North Korea to work remotely with companies in St. Louis and elsewhere in the U.S. have been using false identities to get the jobs.  The money they earned was funneled to the North Korean weapons program.

Eight recently discovered vulnerabilities in the SolarWinds Access Rights Manager Tool (ARM), including three of critical severity, could allow attackers to gain access to unpatched systems with the highest levels of privilege. SolarWinds occupies a sensitive position in corporate networks as a comprehensive Information Technology (IT) management platform. Administrators use the ARM tool to provision, manage, and audit user access rights to data, files, and systems. This tool exemplifies the platform's ability to oversee and impact critical corporate network components.