Timely injection attacks threaten AI chatbots and other cybersecurity news to know this month

The UK’s National Cyber ​​Security Center (NCSC) has highlighted the growing risk of chatbots being manipulated by hackers through “injection” attacks. This is when a user creates input that causes the model to behave in an unexpected way, such as creating offensive content or revealing confidential information.

The agency said the current generation of large language models (LLMs) are vulnerable to these types of inputs, which could have worrying consequences. As LLM is increasingly used to pass information to other services and applications, the risk of immediate injection attacks increases.

NCSC has also announced that Ollie Whitehouse will become its new Chief Technology Officer.

According to new figures from VPN provider Surfshark, the number of data breaches worldwide increased by 156% from Q1 to Q2 2023.

A total of 110.8 million accounts were leaked in the second quarter of this year, equivalent to 855 accounts every minute.

Nearly half of these breaches were from accounts originating from the US, while Russia, Spain, France and Turkey made up the remainder of the top five most breached countries.

According to a new report from IBM, the global average cost of a data breach has increased 15% over the past three years. Data costs due to 2023 breach revealed that 51% of organizations plan to improve their cybersecurity as a result of a breach.

Japan’s National Cyber ​​Defense Agency has been breached by hackers who may have accessed information for up to nine months. Financial Times report. The attack on Japan’s National Cybersecurity Incident Readiness and Strategy Center began last fall, with Chinese state-backed hackers believed to be behind the attack This.

Microsoft says basic cyber hygiene still protects against 98% of attacks. The minimum standards that every organization should adopt are: requiring anti-phishing multi-factor authentication; apply the principle of zero trust; use up-to-date anti-malware tools; stay up to date with system and software updates; and data protection.

The bonuses of top corporate executives are increasingly tied to cybersecurity metrics. It’s part of a trend toward cybersecurity as a top concern, with companies including Johnson & Johnson and the London Stock Exchange Group among those attaching a portion of their bonuses to the goal. network in 2022.

The Five Eyes intelligence alliance has detailed how Russian state-sponsored Sandworm hackers are using Android malware called Infamous Chisel to attack Ukrainian soldiers’ devices, scan files, monitor traffic Access and steal sensitive information.

Microsoft has identified seven emerging hybrid warfare trends from Russia’s cyber war with Ukraine. These include weaponizing pacifism by amplifying discontent about war and stoking fears of World War III. Other tactics include demonizing refugees and mobilizing nationalism.

A cybercriminal couple has pleaded guilty to trying to launder $4.5 billion in Bitcoin stolen in a hack in 2016. Heather Morgan and Ilya Lichtenstein were arrested last year after police sought the money . Before his arrest, Morgan released a series of rap videos under the name Razzlekhan.

The World Economic Forum’s Global Alliance for Digital Safety has created a foundational language to identify online harms. The goal is to create a common language to describe online harm so that regulators and technology companies can better collaborate to tackle it.

Consolidating cybersecurity tools, testing, and strengthening resilience measures are among seven steps companies can take to control cybersecurity spending without compromising its effectiveness.

Paul Swartz and Francois Candelon of the BCG Henderson Institute argue that we need to be realistic about the impact of general AI. They say the impact of technology on productivity growth has been consistently overstated and that analysts may repeat that mistake with generative AI.