Articles
Introducing the Coalition for Secure AI (CoSAI)
2 min read
Announcing the launch of the Coalition for Secure AI (CoSAI) to help securely build, deploy, and operate AI systems to mitigate AI-specific security risks.
Enhancing AI Security Incident Response Through Collaborative Exercises
2 min read
Take-aways from a tabletop exercise led by CISA's Joint Cyber Defense Collaborative (JCDC), which brought together government and industry leaders to enhance our collective ability to respond to AI-related security incidents.
Introducing the Open Supply-Chain Information Modeling (OSIM) Technical Committee
4 min read
OSIM is a great advancement towards a more secure and resilient supply chain ecosystem.
Securing the LLM Stack
7 min read
Learn how to secure the LLM stack, which is essential to protecting data and preserving user trust, as well as ensuring the operational integrity, reliability, and ethical use of these powerful AI models.
Securing AI: Navigating the Complex Landscape of Models, Fine-Tuning, and RAG
7 min read
Bad actors leverage AI, escalating the complexity and scale of threats. We need robust security measures and proper monitoring in developing, fine-tuning, and deploying AI models.
Akira Ransomware Targeting VPNs without Multi-Factor Authentication
4 min read
Cisco has observed instances where threat actors appear to be targeting organizations that do not configure multi-factor authentication for their VPN users. This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations.
Threat Actors Exploiting SNMP Vulnerabilities in Cisco Routers
2 min read
Recent reports and threat intelligence indicate that cyber attackers are exploiting vulnerabilities in legacy Cisco routers and switches that have not been properly upgraded, configured, or updated with the latest software.
Cyber Actors Bypassing Two-Factor Authentication Implementations
2 min read
A recent FBI flash bulletin described how cyber actors were able to use the PrintNightmare vulnerability (CVE-2021-34527) and bypass Duo 2FA to compromise an unpatched Windows machine and gain administrative privileges. This did NOT leverage or reveal a vulnerability in Duo.
The PSIRT Services Framework: Helping the Industry Protect the Ecosystem
3 min read
At Cisco, our leadership made the decision over twenty four years ago that we would clearly publicly communicate security vulnerabilities or other issues that could potentially expose customers to risk....
3