News

  • Humans in AI: The necessity for human-in-the-loop (HILT)
    on June 18, 2024

    A deliberate approach is essential for AI to be net positive, and human-in-the-loop is an essential component of this.

  • Community colleges, HBCUs get cyber talent boost under bipartisan House bill
    on June 17, 2024 in Workforce, cyber workforce, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS)

    The Cybersecurity Clinics Grant Program Act aims to provide “high-potential paths” to cyber jobs at two-year colleges and minority-serving institutions. The post Community colleges, HBCUs get cyber talent boost under bipartisan House bill appeared first on CyberScoop.

  • British national with possible links to high-profile phishing campaigns arrested in Spain
    on June 17, 2024 in Cybercrime, 0ktapus, Federal Bureau of Investigation (FBI), The Com

    Authorities have yet to formally identify the 22-year-old, but reports suggest he was a prominent player in “the Com” ecosystem. The post British national with possible links to high-profile phishing campaigns arrested in Spain appeared first on CyberScoop.

  • 6 months of SEC cybersecurity disclosure rules: An updated view
    on June 17, 2024

    As the 6-month mark of the SEC’s new cybersecurity disclosure regulations approaches, it’s a good time to reflect on the requirements.

  • ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models
    on June 17, 2024

    ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device,"

  • Only 19% of MITRE ATT&CK tactics are covered by SIEMs
    on June 17, 2024

    Security leaders respond to a new report showing only 19% of MITRE ATT&CK tactics are covered by SIEMs. 

  • China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices
    on June 17, 2024

    A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the adversary establishing persistence using legacy F5 BIG-IP appliances and using it as an internal command-and-control (C&C) for defense evasion purposes. Cybersecurity company Sygnia, which responded to

  • What is DevSecOps and Why is it Essential for Secure Software Delivery?
    on June 17, 2024

    Traditional application security practices are not effective in the modern DevOps world. When security scans are run only at the end of the software delivery lifecycle (either right before or after a service is deployed), the ensuing process of compiling and fixing vulnerabilities creates massive overhead for developers. That overhead degrades velocity and puts production deadlines at risk.

  • Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor
    on June 17, 2024

    Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates. "The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser update, and a JScript downloader to deploy a backdoor into the victim's system," German

  • NiceRAT Malware Targets South Korean Users via Cracked Software
    on June 17, 2024

    Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license verification for Microsoft Office. "Due to the nature of crack programs, information sharing amongst

  • U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain
    on June 16, 2024

    Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The move is said to be a joint effort between the U.S. Federal Bureau of Investigation (FBI) and the

  • Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan
    on June 15, 2024

    Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile carriers via iMessage and SMS," Resecurity said in a report published earlier this week. "The goal is

  • Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber Attacks
    on June 15, 2024

    A suspected Pakistan-based threat actor has been linked to a cyber espionage campaign targeting Indian government entities in 2024. Cybersecurity company Volexity is tracking the activity under the moniker UTA0137, noting the adversary's exclusive use of a malware called DISGOMOJI that's written in Golang and is designed to infect Linux systems. "It is a modified version of the public project

  • Meta Pauses AI Training on EU User Data Amid Privacy Concerns
    on June 15, 2024

    Meta on Friday said it's delaying its efforts to train the company's large language models (LLMs) using public content shared by adult users on Facebook and Instagram in the European Union following a request from the Irish Data Protection Commission (DPC). The company expressed disappointment at having to put its AI plans on pause, stating it had taken into account feedback from regulators and

  • Learn to Secure Petabyte-Scale Data in a Webinar with Industry Titans
    on June 14, 2024

    Data is growing faster than ever. Remember when petabytes (that's 1,000,000 gigabytes!) were only for tech giants? Well, that's so last decade! Today, businesses of all sizes are swimming in petabytes. But this isn't just about storage anymore. This data is ALIVE—it's constantly accessed, analyzed, shared, and even used to train the next wave of AI. This creates a huge challenge: how do you

  • Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit
    on June 14, 2024

    Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox have run into fresh trouble after Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users. "While the so-called 'Privacy Sandbox' is advertised as an improvement over extremely invasive third-party tracking, the tracking is now simply done

  • CISA leads first tabletop exercise for AI cybersecurity
    on June 14, 2024 in Government, Artificial Intelligence (AI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Joint Cyber Defense Collaborative (JCDC)

    The Biden administration-led exercise featured 15 companies and several international cyber agencies. The post CISA leads first tabletop exercise for AI cybersecurity appeared first on CyberScoop.

  • Why Regulated Industries are Turning to Military-Grade Cyber Defenses
    on June 14, 2024

    As cyber threats loom large and data breaches continue to pose increasingly significant risks, organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage. This is why many highly regulated sectors, from finance to utilities, are turning to military-grade cyber defenses to safeguard

  • ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws
    on June 14, 2024

    An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake QR code, a nefarious actor can easily bypass the verification process and gain unauthorized access,"

  • North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics
    on June 14, 2024

    Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian government and Brazil's aerospace, technology, and financial services sectors," Google's Mandiant and

  • Microsoft Delays AI-Powered Recall Feature for Copilot+ PCs Amid Security Concerns
    on June 14, 2024

    Microsoft on Thursday revealed that it's delaying the rollout of the controversial artificial intelligence (AI)-powered Recall feature for Copilot+ PCs. To that end, the company said it intends to shift from general availability to a preview available first in the Windows Insider Program (WIP) in the coming weeks. "We are adjusting the release model for Recall to leverage the expertise of the

  • Absolutely the most important list you will ever read!
    on June 14, 2024

    Tips to help security leaders navigate endless Internet lists about leadership.

  • Security leaders respond to industry’s need for 225,000 professionals
    on June 14, 2024

    Security leaders respond to recent data showing the cybersecurity industry needs 225,000 professionals.

  • The power of podcasts
    on June 14, 2024

    From leadership advice to explorations of emerging security threats, guests on The Security Podcasts share career stories for the good of the industry.

  • Lawmakers question Microsoft president over China ties, repeated breaches
    on June 14, 2024 in Cybersecurity, Government, Bennie Thompson, China, Congress, Cyber Safety Review Board, House Homeland Security Committee, Mark Green, Microsoft, privacy, Russia, SolarWinds

    Brad Smith defended the company at a time of growing concerns about whether the tech giant is sufficiently prioritizing security. The post Lawmakers question Microsoft president over China ties, repeated breaches appeared first on CyberScoop.

  • Beyond the breach: The ongoing fragility of healthcare cybersecurity
    on June 13, 2024

    A wave of ransomware attacks disrupting clinical operations and forcing hospitals to turn away patients is the latest reminder of the fragility of life-saving infrastructure. 

  • New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models
    on June 13, 2024

    The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine learning (ML) models to corrupt the model itself, posing a severe supply chain risk to an

  • GAO reminds White House of cyber backlog
    on June 13, 2024 in Government, Policy, GAO, Government Accountability Office, National Cybersecurity Strategy, White House

    An 80-page report from the government watchdog details the cybersecurity policy to-do list for the White House. The post GAO reminds White House of cyber backlog appeared first on CyberScoop.

  • Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware
    on June 13, 2024

    The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to deliver a spyware strain dubbed AridSpy. "The malware is distributed through dedicated websites impersonating various messaging apps, a job opportunity app, and a Palestinian Civil Registry app," ESET researcher Lukáš Štefanko said in a report published today. "Often

  • Russian disinformation campaign attempts to disrupt the Paris Olympics
    on June 13, 2024

    A Russian disinformation campaign is attempting to disrupt the Paris Olympics, and security leaders are sharing their thoughts. 

  • Why SaaS Security is Suddenly Hot: Racing to Defend and Comply
    on June 13, 2024

    Recent supply chain cyber-attacks are prompting cyber security regulations in the financial sector to tighten compliance requirements, and other industries are expected to follow. Many companies still don’t have efficient methods to manage related time-sensitive SaaS security and compliance tasks. Free SaaS risk assessment tools are an easy and practical way to bring visibility and initial

  • Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS
    on June 13, 2024

    Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018. The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader codenamed HeavyLift, according to Cisco Talos, which are administered using another standalone tool referred to as GravityAdmin. The

  • Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware
    on June 13, 2024

    The nascent malware known as SSLoad is being delivered by means of a previously undocumented loader called PhantomLoader, according to findings from cybersecurity firm Intezer. "The loader is added to a legitimate DLL, usually EDR or AV products, by binary patching the file and employing self-modifying techniques to evade detection," security researchers Nicole Fishbein and Ryan Robinson said in

  • Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups
    on June 13, 2024

    The Cyber Police of Ukraine has announced the arrest of a local man who is suspected to have offered their services to LockBit and Conti ransomware groups. The unnamed 28-year-old native of the Kharkiv region allegedly specialized in the development of crypters to encrypt and obfuscate malicious payloads in order to evade detection by security programs. The product is believed to have been

  • Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day
    on June 13, 2024

    Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware. The company did not share any additional details related to the nature of attacks exploiting it, but noted "there are indications that CVE-2024-32896 may be

  • New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems
    on June 13, 2024

    A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors either for espionage or cybercrime for years. While this backdoor was previously categorized as a variant of Gh0st RAT and Rekoobe, Trend Micro security researcher Hara Hiroaki said "this backdoor is not merely a variant of existing malware, but is a new type altogether."

  • How law enforcement can prepare for a career in the private sector
    on June 13, 2024

    Transitioning security careers can be difficult, but there are several skills that can be transferred between positions.

  • Do security job titles affect your job search strategy?
    on June 13, 2024

    Security professionals angling for top jobs in the industry often focus on the role of Chief Security Officer. Is that the best job search strategy?

  • Microsoft’s Brad Smith should prepare for ‘ritual punishment’ before House hearing
    on June 12, 2024 in Technology, Biden administration, Brad Smith, China, Congress, CSIS, Cyber Safety Review Board, data breaches, Department of Homeland Security (DHS), House Homeland Security Committee, ICIT, jim lewis, Microsoft, Russia, Trellix, Trump administration

    Some experts are doubtful the Homeland Security Committee testimony and questioning of Microsoft chief Brad Smith will lead to significant change. The post Microsoft’s Brad Smith should prepare for ‘ritual punishment’ before House hearing appeared first on CyberScoop.

  • OSHA determines construction whistleblower was wrongfully terminated
    on June 12, 2024

    OSHA determined that a crane and rigging provider violated federal law by firing a company truck driver for refusing to exceed safe driving limits.