Backup authentication methods create a vulnerability in passkey protection to adversary-in-the-middle attacks. Security protections from passkey authentication can still potentially be subverted by attackers....more
New and old attack vectors analyzed by RAND in their report on securing AI weights from theft. A new report published by RAND highlights the importance of securing the learnable parameters, or weights, of AI models to...more
Victims of LockBit ransomware attacks can reach out to the FBI for decryption keys and all companies can prepare against ransomware attacks. The FBI secured 7,000 LockBit decryption keys, providing victims of LockBit...more
DHS advises safeguards to protect AIs and to protect critical infrastructure from AI-powered attacks.
In continuing its work under the Biden Administration’s Executive Order 14110, “Safe, Secure, and Trustworthy...more
U.S. State Department announces international diplomacy strategy to promote digital solidarity. Recognizing emerging technologies and cyber threats as an inflection point for U.S. competition with geopolitical rivals, the...more
Companies should review their resiliency, vendors, suppliers, and plans for partnering with the FBI in case of a cyber event, says FBI. The People’s Republic of China (PRC) is positioning itself to “physically wreak havoc on...more
Joint guidance from the “Five Eyes” cybersecurity agencies provides best practices on securely deploying and operating AI systems. New guidance by the U.S. National Security Agency’s Artificial Intelligence Security Center,...more
CL0P is adopting “quadruple extortion” tactics. If your organization has received a ransomware demand, CL0P may be a familiar name. In 2023, CL0P was the third most prolific ransomware gang, after Lockbit and ALPHV....more
California continues as the frontrunner of U.S. AI regulatory developments. Following the Governor’s executive order on Generative AI (GenAI) published last year, California state agencies have worked to implement its...more
The California Privacy Protection Agency recently released updated draft regulations regarding cybersecurity audits under the California Consumer Privacy Act.
On November 8, 2023, the California Privacy Protection Agency...more
Russia-linked threat actor Fancy Bear is conducting a wave of phishing campaigns impersonating entities across Europe, Americas, and Asia, focusing on Ukraine-related targets....more
NIST has updated its widely used Cybersecurity Framework to provide key updates and practical resources for organizations to manage and discuss cybersecurity risk. The updated framework, which remains voluntary, is designed...more
The National Crime Agency fought back against Lockbit this week, affecting the groups administrative environment.
Coordinating with the FBI and international partners, the National Crime Agency (NCA) took control of...more
Informants can net $15 million for information about leaders behind the ALPHV/Blackcat Ransomware.
The U.S. Department of State is offering rewards of up to $10 million for information leading to key leaders in the...more
Coyote, a new Brazilian malware, is currently hunting down credentials for sixty-one (61) different banking applications. Researchers expect the malware to spread internationally. Russian cybersecurity firm Kaspersky has...more
New vulnerability found in the boot process for Linux systems configured to boot over the network.
A high severity vulnerability could allow attackers to take over a Linux system. The vulnerability is in the shim software...more
Increasingly available Deepfake technology that can be used to impersonate employees is increasing the level of social engineering risk.
Deepfake technology is increasingly being used against corporations to carry out social...more
Vulnerability in the open-source automation server Jenkins is exploitable using a publicly released proof of concept.
On January 24, 2024, Jenkins announced the presence of vulnerability CVE-2024-23897. The vulnerability...more
Cyberattacks from China are targeting critical infrastructure including communications, energy, transportation, and water. Critical U.S. infrastructure may face a higher risk of cyberattacks from the People’s Republic of...more
Vulnerabilities in enterprise file transfer solutions can lead to elevated risk. Now would be a good time to check your organization’s managed filed transfer service....more
Industrial automation platform Rapid SCADA contains seven key vulnerabilities.
CISA recently published an advisory about seven vulnerabilities in Rapid SCADA—an open-source industrial automation platform that provides tools...more
CISA has added a new Ivanti vulnerability to its known exploited vulnerability catalogue. This vulnerability can be paired with other recently-reported vulnerabilities to permit threat actors to write malicious web shell...more
A vulnerability in Microsoft SharePoint has been flagged as being actively exploited by CISA.
A vulnerability in Microsoft SharePoint is being actively exploited according to CISA’s known exploited vulnerabilities (KEV)...more
Since December 18, 2023 public companies other than smaller reporting companies are required to report a cybersecurity incident under Item 1.05 of Form 8-K within four business days after the company determines the incident...more
Yesterday, California Governor Gavin Newsom issued an executive order regarding generative artificial intelligence (“GenAI”). The order states that California has established itself as the world leader in GenAI innovation...more