Quote for the day:
"Whenever you find yourself on the side of the majority, it is time to pause and reflect." -- Mark Twain
The AI-powered cyberattack era is here

You just need a three-second recording of a person talking, according to McAfee experts. With that snippet, you can create convincing fake messages or phone calls. If someone sounds like a trusted person, people are ready to hand over their cash or secrets. In 2024, the company’s global study found one in four people had suffered or knew someone hit by an AI voice scam. ... One challenge in the field of AI-enabled attacks — which is to say, attacks that didn’t exist or weren’t possible before genAI — is how quickly everything changes. Take AI browsers, for example. This new category of web browser includes Perplexity Comet, Dia (by The Browser Company), Fellou, Opera Neon, Sigma AI Browser, Arc Max, Microsoft Edge Copilot, Brave Leo, Wave Browser Pro, SigmaOS, Opera Aria, Genspark AI Browser, Poly, Quetta Browser, Browserbase, Phew AI Tab, and the upcoming OpenAI browser. ... The truth is that most attacks are still the old-fashioned kind, performed without help from AI. And most still involve human error. So all the standard guidelines and best practices apply. Companies should update software regularly, require multifactor authentication for all logins, and give employees training about fake emails and malicious links. Outside experts should run penetration tests twice a year. Making regular offline backups can save thousands after AI-based ransomware attacks.
How to Make Data Work for What’s Next

Cybercrime increasingly moving beyond financial gains

"The old software world is gone, giving way to a new set of truths being
defined by AI. To navigate the changes, technical leaders should carry out
rigorous validation on AI assistants. Managers should establish formal AI
governance policies and invest in training for emerging technologies. Security
professionals should update their threat models to include AI-specific risks
and leverage SBOMs [Software Bill of Materials] as a strategic asset for risk
management to achieve true scale application security." ... "Without SBOMs,
we're flying blind. With them, we're finally turning the lights on in the
supply chain cockpit," said Helen Oakley, Director of Secure Software Supply
Chains and Secure Development at SAP. "AI coding assistants are like interns
with rocket fuel. They accelerate everything, including errors, if you don't
set boundaries." ... "For organizations adopting third-party AI tools, it's
also critical to recognize that this introduces a shared security
responsibility model—much like what we’ve seen with cloud adoption. When
visibility into vendor infrastructure, data handling, or model behavior is
limited, organizations must proactively mitigate those risks. That includes
putting robust guardrails in place, defining access boundaries, and applying
security controls that account for external dependencies."
A key technological advancement emerging from these hubs is the application of
digital twins in pharmaceutical research. Initially used in engineering and
manufacturing sectors, digital twins in the pharmaceutical industry are
virtual models of human systems that replicate biological processes. These
replicas are built using vast volumes of biological, clinical and genomic
data, enabling researchers to test how different patient profiles might
respond to specific drugs without exposing individuals to experimental
therapies. The implications of this approach are transformative. Through
digital twins, pharmaceutical scientists can simulate the progression of
diseases, predict Adverse Drug Reactions (ADRs) and model patient diversity
across age, gender, genetic traits and comorbidities. This ability to run
in-silico trials, which are clinical trials conducted through virtual
simulations, reduces the cost, duration and risk associated with traditional
clinical testing. ... AI is transforming every clinical development phase
worldwide, from trial design to execution and outcome analysis. According to
industry estimates, AI is expected to support 60–70 per cent of clinical
trials by 2030, potentially saving $20–30 billion annually. While digital
twins represent just one facet of this broader AI integration, their capacity
to virtually assess drug safety and efficacy could significantly accelerate
the journey from discovery to patient delivery.
How Digital Twins Transform Drug Development Processes

Break the Link: The Fastest Way to Contain a Cyber-Attack
Hardware-enforced network isolation gives operators the ability to physically disconnect servers, storage and network segments on demand, using secure, out-of-band commands that sit entirely outside the attack surface. The simplicity here is the ultimate strength: if malware can’t make contact, it can’t cause damage. If a breach does happen? You can trigger isolation in milliseconds, stopping the spread before it locks systems, exfiltrates data or drains accounts. Unlike software-only isolation, which depends on the very systems it’s defending, hardware isolation can’t be tampered with remotely. No IP address, no exploitable code, just a clean physical break. ... Hardware isolation cuts the response to milliseconds, preserving both data integrity and regulatory compliance. It stops an incident at the source, shutting it down before operations are disrupted. The power of isolation is especially effective in high-stakes environments where speed and certainty matter. In colocation facilities, automated isolation prevents cross-tenant contamination by cutting off a compromised tenant before the threat can spread. At disaster recovery sites, it enables network segments to remain fully offline until they are needed, improving security and efficiency. In AI-heavy workloads, hardware isolation prevents model tampering and data exfiltration. In backup environments, selective disconnection ensures ransomware cannot encrypt or corrupt critical archives.Prioritize these 4 processes to balance innovation and responsibility in banking model risk management

Achieving a Secure Cloud with Restructured NHIs
At its core, NHIs restructuring involves the process of redefining and aligning the various identities and linked secrets within your organization’s cloud infrastructure. The aim is to have a more effective, efficient, and secure system capable of monitoring and governing NHIs. This restructuring process includes a comprehensive review of the existing NHIs, secrets, and their permissions. It also involves determining which secrets are associated with which NHIs, who owns them, how they are used, and which vulnerabilities they may be exposed to. By performing this activity, a strong foundation can be laid for establishing a secure cloud environment that harnesses the power of NHIs management. ... Why is the restructuring of NHIs not just a requirement but a strategic move for any digital enterprise? The answer lies in the potential weaknesses and vulnerabilities that can arise from poorly managed NHIs. Restructuring NHIs is not merely about enhancing cybersecurity but developing a strategic advantage. This requires realizing the significance of NHIs in providing a compelling line of defense against potential security breaches. By properly managing and restructuring NHIs, organizations can build comprehensive, effective, and potent cyber defenses. It enables them to anticipate potential threats, detect vulnerabilities, and implement proactive measures to mitigate risks.Boards are being told to rethink their role in cybersecurity
