Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

A jargon-free explanation of how AI large language models work

Want to really understand large language models? Here’s a gentle primer.

When ChatGPT was introduced last fall, it sent shockwaves through the technology industry and the larger world. Machine learning researchers had been experimenting with large language models (LLMs) for a few years by that point, but the general public had not been paying close attention and didn’t realize how powerful they had become.

Today, almost everyone has heard about LLMs, and tens of millions of people have tried them out. But not very many people understand how they work.

If you know anything about this subject, you’ve probably heard that LLMs are trained to “predict the next word” and that they require huge amounts of text to do this. But that tends to be where the explanation stops. The details of how they predict the next word are often treated as a deep mystery. More…

The U.S. Is Falling Behind on Encryption Standards – And That’s a Global Problem

The U.S. National Institute of Standards and Technology (NIST) is charged with setting cybersecurity standards and validating products, yet is woefully behind on both. As new threats emerge — we’re looking at you, quantum computing — continued delays could become a crisis.

HackerOne: How Artificial Intelligence Is Changing Cyber Threats and Ethical Hacking

Security experts from HackerOne and beyond weigh in on malicious prompt engineering and other attacks that could strike through LLMs.

Could C2PA Cryptography be the Key to Fighting AI-Driven Misinformation?

Adobe, Arm, Intel, Microsoft and Truepic put their weight behind C2PA, an alternative to watermarking AI-generated content.

The C2PA specification is an open source internet protocol that outlines how to add provenance statements, also known as assertions, to a piece of content. Provenance statements might appear as buttons viewers could click to see whether the piece of media was created partially or totally with AI. More…

“Crocodile of Wall Street” and her husband plead guilty to giant-sized cryptocrimes

Sentences still to be decided, but she could get up to 10 years and he could get as many as 20.

CISA Releases its Cybersecurity Strategic Plan


Today, CISA released a strategic plan to lay out how we will fulfill our cybersecurity mission over the next three years. The CISA Cybersecurity Strategic Plan aligns the following nine objectives to specific enabling measures and measures of effectiveness to drive accountability:

  • Increase visibility into, and ability to disrupt, cybersecurity threats and campaigns
  • Coordinate disclosure of, hunt for, and drive mitigation of critical and exploitable vulnerabilities
  • Plan for, exercise, and execute joint cyber defense operations and coordinate the response to significant cybersecurity incidents
  • Understand how attacks really occur—and how to stop them
  • Drive implementation of measurably effective cybersecurity investments
  • Provide cybersecurity capabilities and services that fill gaps and help measure progress
  • Drive development of trustworthy technology products
  • Understand and reduce cybersecurity risks posed by emergent technologies
  • Contribute to efforts to build a national cyber workforce

Learn more about CISA’s Cybersecurity Strategic Plan at https://www.cisa.gov/cybersecurity-strategic-plan.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
