SCMagazine.com reported that “Microsoft has discovered a new method to jailbreak large language model (LLM) artificial intelligence (AI) tools and shared its ongoing efforts to improve LLM safety and security in a blog post Thursday.”  The April 15, 2024 article entitled ” Microsoft’s ‘AI Watchdog’ defends against new LLM jailbreak method” (https://tinyurl.com/3px8e7r8) included these comments:  Microsoft first revealed the “Crescendo” LLM jailbreak method in a paper published April 2, which describes how an attacker could send a series of seemingly benign prompts to gradually lead a ..read more

HeathCareInfoSecurity.com reported that “A Department of Health and Human Services division that administers funding, training and other services to children and families is putting sensitive data at high risk because of gaps in cloud security controls and practices, according to a watchdog agency report.”  The April 2, 2024 article entitled ” Poor Cloud Controls at HHS Put Families, Children at Risk” (https://tinyurl.com/hfr5vad8) included these comments:  A Department of Health and Human Services division that administers funding, training and other services to children and familie ..read more

SCMagazine.com reported that “A $22 million ransom payment allegedly made by Optum, which is supported by blockchain transaction records associated with ALPHV/BlackCat, was apparently stolen by the ransomware-as-a-service (RaaS) in an exit scam.”  The April 8, 2024 reported entitled “Change Healthcare breach data may be in hands of new ransomware group“ (https://tinyurl.com/yc8nzak2) included this information: The Change Healthcare breach story has taken on a new twist, with emerging ransomware group RansomHub claiming Monday it has 4TB of data stolen from the healthcare tech company in F ..read more

SCMagazine.com reported that “There’s a lot going on inside the minds of small and medium-sized business (SMB) owners….. Increasingly, those opportunities exist in the cloud, whether it’s gaining new insights from data, effortlessly scaling to meet demand, or enabling collaboration from anywhere. But when it comes to cloud security,…”  The March 29, 2024 article entitled ” Three cloud security misconceptions that hold SMBs back” (https://tinyurl.com/4dpmm2x9) included these three cloud security misconceptions:  Misconception #1: Security costs too much money – and it’s not a priority ..read more

SCMagazine.com reported “An active attack targeting a vulnerability in Ray, a widely used open-source AI framework, has impacted thousands of companies and servers running AI infrastructure — computing resources that were exposed to the attack through a critical vulnerability that’s under dispute and has no patch.”  The March 26, 2024 article entitled “Flaw in Ray AI framework potentially leaks sensitive data of workload” (https://www.scmagazine.com/news/flaw-in-ray-ai-framework-potentially-leaks-sensitive-data-of-workloads) included these comments: Oligo researchers said in a March 26 bl ..read more

CIO.com reported that “Digital success requires a product-based approach to IT — and a shift to persistent rather than per-project funding. Here’s how to address your CFO’s concerns about costs and risks.  CFOs want certainty when it comes to spend. And they want to know exactly how much return on investment (ROI) can be expected when IT leaders make technology-related changes.” The March 25, 2024 article entitled “How to get your CFO to buy into a better model for IT funding” (https://www.cio.com/article/2066628/how-to-get-your-cfo-to-buy-into-a-better-model-for-it-funding.html?amp ..read more

BankInfoSecurity.com reported that “Artificial intelligence technologies such as generative AI are not helping fraudsters create new and innovative types of scams. They are doing just fine relying on the traditional scams, but the advent of AI is helping them scale up attacks and snare more victims, according to fraud researchers at Visa.”  The March 21, 2024 article entitled “AI Is Making Payment Fraud Better, Faster and Easier” (https://tinyurl.com/ms7enr8a) included these comments from Paul Fabara (Chief Risk and Client Services officer at Visa):  Organized threat actors continue ..read more

SCMagazine.com reported that “Dallas-based UT Southwestern Medical Center had data from almost 2,100 individuals compromised following a data breach, The Dallas Morning News reports.” The March 12, 2024 report entitled “UT Southwestern breach hits over 2K patients” (https://www.scmagazine.com/brief/ut-southwestern-breach-hits-over-2k-patients) included these comments a UT Southwestern spokesperson: We are assessing the data to prepare notifications to those impacted in accordance with federal regulations. The incident involved internal use of unapproved software and did not involve a cyberatta ..read more

Computerworld.com reported that “More than 150 leading artificial intelligence (AI) researchers, ethicists and others have signed an open letter calling on generative AI (genAI) companies to submit to independent evaluations of their systems, the lack of which has led to concerns about basic protections. The letter, drafted by researchers from MIT, Princeton, and Stanford University, called for legal and technical protections for good-faith research on genAI models, which they said is hampering safety measures that could help protect the public.” The March 5, 2024 arti ..read more

DarkReading.com reported that “New guidance expands the frame to consider organizations beyond critical infrastructure; it also addresses governance and supply chain cybersecurity.”  The February  26, 2024 Report entitled “NIST Releases Cybersecurity Framework 2.0” (https://www.darkreading.com/ics-ot-security/nist-releases-cybersecurity-framework-2-0) which included these comments: The new framework builds on its long-standing, cyber-risk-reducing recommendations to include the concerns of organizations outside of its initial focus on critical infrastructure. NIST released its first ..read more