Welcome Readers,

Unravel the Microsoft Bing AI Chatbot and the Malicious Ads. A narrative of deceit that paints a stark picture of the dark alleyways of AI, where even the giants tread lightly.

In today’s newsletter:

• 🤖 Microsoft Bing AI Chatbot and Malicious Ads Encounter

• 💰 Navigating Cybersecurity Budget Constraints

• 🛡️ Inauguration of NSA’s AI Security Center

• 📜 Unveiling Federal Acquisition Regulatory (FAR) Council Updates

• 🏦 Exploration of SEC’s July 2023 Cybersecurity Rules

The Scoop

🤖 Microsoft Bing AI Chatbot Poisoned with Malicious Ads​

• Cybercriminals inserted malicious ads into Microsoft Bing's AI chatbot.

• This tactic tricked users into downloading trojanized software from spoofed domains.

• The incident underlines the evolving tactics of cyber adversaries.

Malevolent actors are leveraging sophisticated techniques, such as poisoning AI, to spread malware, posing serious risks to unsuspecting users.

💰 Cybersecurity Budget Constraints

• A SANS Institute survey revealed a shrink in budgets for ICS/OT security.

• In response, hiring managers have increased starting salaries to recruit proficient cybersecurity professionals.

• CISA's Cybersecurity Awareness Month campaign is challenging tech vendors to develop safer products.

The financial strains in cybersecurity, the efforts to attract skilled personnel, and the push towards fostering a culture of enhanced security in tech product development.

🛡️ NSA's AI Security Center​

• NSA is launching an AI security center to prevent theft of cutting-edge AI models and intellectual property.

• The initiative aims at consolidating existing approaches to securing AI models, fostering collaboration within government and private industry.

This move signifies a strategic step towards protecting AI innovations from theft, which is crucial for maintaining a competitive edge and national security.

📜 Federal Acquisition Regulatory (FAR) Council Updates (October 03, 2023):

• The Council issued two proposed rules aimed at enhancing cybersecurity.

• One rule imposes security incident reporting requirements on federal contractors.

• The other aims to standardize cybersecurity contractual requirements for unclassified federal contract​.

🏦 Securities and Exchange Commission (SEC) Cybersecurity Rules (July 2023):

• New rules require publicly listed companies to adhere to incident reporting and governance disclosure requirements.

• Aimed at ensuring organizations are prepared for real threats and potential breach​.