On April 3, NIST published practical incident response guidance aligned with its CSF 2.0 framework. The guidance outlines best practices in security incident preparation and response for organizations mapped across each of...more
AI-enabled technology enhances threat actors’ ability to engage in advanced and difficult-to-detect forms of social engineering to deceive employees and circumvent companies’ security controls. Companies may consider new...more
The “Bad Likert Judge” jailbreaking technique boasts a high attack success rate by using a three-step approach which employs the target LLM’s own understanding of harmful content to bypass the target LLM’s safety guardrails....more
A recent attack by Chinese hacking group “Salt Typhoon” hit major U.S. telecommunications providers and exposed Americans’ call record metadata. Following this attack, the FCC and other agencies have taken steps to help...more
Five individuals who are alleged to be members of the Scattered Spider cybercrime group have been charged with multiple crimes after a federal investigation into an advanced social engineering attacks that targeted at least...more
A cybersecurity attack targeted cryptocurrency developers by uploading malicious packages to open-source website npm with names similar to libraries used in cryptocurrency work....more
Backup authentication methods create a vulnerability in passkey protection to adversary-in-the-middle attacks. Security protections from passkey authentication can still potentially be subverted by attackers....more
U.S. State Department announces international diplomacy strategy to promote digital solidarity. Recognizing emerging technologies and cyber threats as an inflection point for U.S. competition with geopolitical rivals, the...more
Companies should review their resiliency, vendors, suppliers, and plans for partnering with the FBI in case of a cyber event, says FBI. The People’s Republic of China (PRC) is positioning itself to “physically wreak havoc on...more
CL0P is adopting “quadruple extortion” tactics. If your organization has received a ransomware demand, CL0P may be a familiar name. In 2023, CL0P was the third most prolific ransomware gang, after Lockbit and ALPHV....more
The National Crime Agency fought back against Lockbit this week, affecting the groups administrative environment.
Coordinating with the FBI and international partners, the National Crime Agency (NCA) took control of...more
Informants can net $15 million for information about leaders behind the ALPHV/Blackcat Ransomware.
The U.S. Department of State is offering rewards of up to $10 million for information leading to key leaders in the...more
Coyote, a new Brazilian malware, is currently hunting down credentials for sixty-one (61) different banking applications. Researchers expect the malware to spread internationally. Russian cybersecurity firm Kaspersky has...more
New vulnerability found in the boot process for Linux systems configured to boot over the network.
A high severity vulnerability could allow attackers to take over a Linux system. The vulnerability is in the shim software...more
Cyberattacks from China are targeting critical infrastructure including communications, energy, transportation, and water. Critical U.S. infrastructure may face a higher risk of cyberattacks from the People’s Republic of...more
The Biden Administration released its National Cybersecurity Strategy (Strategy) in an effort to reshape U.S. policy and priorities around cybersecurity for the public and private sectors, marking a significant shift in tone...more