SecureLayer7

We benchmarked PromptPurify against 4 OSS prompt injection guardrails. The size gap is embarrassing. Here's the comparison:

Most teams evaluating guardrails compare recall numbers. That's the wrong first question. The right first question: will your team actually ship it?

A model that needs a GPU, a sidecar, and API budget never makes it to production. It stays in the eval spreadsheet.

Good guardrail vs Bad guardrail:

- 14 MB vs 180 MB to 7 GB
- CPU, in-process vs GPU recommended
- Single-digit ms vs network round-trip
- $0/call vs compute cost
- Ships inside your app vs runs next to it

Same inputs. Same scoring code. Same eval slice. Reproducible in 2 commands on your laptop.

1. Threshold-neutral methodology Every model evaluated at its own published default. No model gets a home-field advantage.
2. Held-out eval Hash-bucketed splits. The evaluation slice was never seen by our model at training time.
3. Reproduce it yourself No cloud credits. No GPU. CPU only, 3-5 minutes.

The guardrail that fits in your stack is the one that actually protects your users.

https://lnkd.in/gVesqZR5

Star it. Run the bench. Tell us where it fails.

LinkedIn This link will take you to a page that’s not on LinkedIn

Anton just started this morning. Gilfoyle hasn't written the safety policies yet.

Walk up and ask him for the password.

That's Level 1. Easy.

By Level 7, Anton's seen every trick in the book.

75 people on the leaderboard. Most don't make it past Level 5.

Drop your alias in the comments when you get the password.

Try: https://anton.securelayer7.net

In March this year, a massive 3CXDesktopApp supply chain attack disrupted the BAU for international organizations. 3CX, the enterprise offering that built the video and voice conferencing software has over 600,000 customer companies, with over 12 million daily users across 190 countries.

The impact of the attack, including financial and data loss is severe. Businesses are cautioned to be vigilant. If you run the compromised versions of 3CX, we recommend you to ensure the following steps;

1. Ensure that no detection exception is configured in your security solutions (EDR, AV, etc.)
2. Make sure all detection tools are updated with appropriate rules and Indicators of Compromise (IoC)
3. Upgrade 3XC apps to the latest version - 18.12.422 or uninstall in favor of a PWA web-only solution
4. If the app is compromised, uninstall and reinstall

Read more about 3CXDesktopApp here: https://blog.securelayer7.net/3cx-supply-chain-campaign-technical-analysis/

3CX Supply Chain Campaign Technical analysis and POC On March 29th, 2023, the cybersecurity world was alerted to a troubling issue - the 3CXDesktopApp had been compromised. The implications of this supply chain campaign are significant, given the global distribution of various Trojanized versions of their VOIP software. This attack has impacted Window...

According to World Economic Forum, cybercrime, and cyber insecurity rank 8th in terms of severity of impact.

The Global Cybersecurity Outlook 2023 by WEF also found that 93% of cybersecurity experts and 86% of business leaders believe that global instability will have a negative impact on ensuing cybersecurity over the next two years. And that makes security a national priority for every country.

Is it possible to build a security program on open source?

We asked the same question - the subject of Spark ’s Defence Depth last month - to some of the CISOs.

They all unanimously agree that open source is great for organizations that are starting off. But scaling up and implementation are some of the challenges organizations may encounter in the later stages.

Listen to this conversation between David Spark and Belknap, CISO Series, LinkedIn for an expert view.

www.linkedin.com

If you are an enterprise planning to implement security practices but do not have expert support, these are some questions to get started;

1. Where are the assets hosted and how are they distributed on the cloud and on-premise?
2. Are you creating data backups?
3. Do you have any security guidelines or policies for remote employees and employees using their devices?
4. Does the organization keep a check on the networks being accessed?
5. Have you ever encountered any intrusion attempts in the past 3 - 6 months?
If yes, what action have you taken?
6. Has any of the employees encountered malicious emails or messages on their system?
7. Have you conducted any security awareness sessions for the employees in the past?

These might help you get started on securing critical data. The kind of service you would require entirely depends on the nature of the business. We have a list of blogs that explain end-to-end security. Access the same in the comments.

Also, do get in touch to know more about Pen test as a Service and when you need it.

Whether you are a small business owner, an IT leader, or a cyber security enthusiast, the need for stringent security measures remain the same.

Here are 15 best practices, including some that organizations may miss out on.

Read more: https://blog.securelayer7.net/network-security-best-practices/

Yet another exploitation of Zero-day vulnerability.

This time, hackers plotted the attack against General Bytes ATMs, stealing cryptocurrency worth USD 1.5 million. The exploited bug that helped the hackers gain access to the ATMs is known as BATM-4780.

Here is more into what led to the attack and the response from general bytes.

https://cyberdaily.securelayer7.net/general-bytes-atms-hacked-with-zero-day-vulnerability-1-5m-stolen/

General Bytes ATMs Hacked with Zero Day Vulnerability, $1.5M Stolen - The Cybersecurity Daily News Bitcoin ATM company General Bytes loses $1.5M to hackers exploiting zero day vulnerability. Crypto theft at its finest.

Web Service Description Language (WSDL) is a prerequisite for web service pe*******on testing to protect websites from malicious attacks.

Safeguarding the platform ensures that business operations are unaffected and streamlined. Our latest blog explores all about web services pe*******on testing, the prerequisites, tools and more.

https://blog.securelayer7.net/web-service-security-pe*******on-testing/

🔒 Webinar Alert 🔒
Are you concerned about the security of your OAuth2.0 implementation?

Join us for our upcoming webinar, "Hacking OAuth2.0: Beyond The Basics", on 9th March 2023 at 11 AM IST.

Register now and secure your spot! 👇
https://infosec.securelayer7.net/webinar_oauth