On April 3, NIST published practical incident response guidance aligned with its CSF 2.0 framework. The guidance outlines best practices in security incident preparation and response for organizations mapped across each of...more
Earlier this month, Secretary of the Department of Homeland Security (DHS) Kristi Noem announced plans to disband the Critical Infrastructure Partnership Advisory Council (CIPAC). First created in 2006, CIPAC is a...more
AI-enabled technology enhances threat actors’ ability to engage in advanced and difficult-to-detect forms of social engineering to deceive employees and circumvent companies’ security controls. Companies may consider new...more
The Cybersecurity and Infrastructure Security Agency (CISA) unveiled new cyber performance goals aimed at addressing risks to software development and product design in the IT sector.
Last week, the Cybersecurity and...more
The “Bad Likert Judge” jailbreaking technique boasts a high attack success rate by using a three-step approach which employs the target LLM’s own understanding of harmful content to bypass the target LLM’s safety guardrails....more
A recent attack by Chinese hacking group “Salt Typhoon” hit major U.S. telecommunications providers and exposed Americans’ call record metadata. Following this attack, the FCC and other agencies have taken steps to help...more
A new study finds that a majority of employees may sidestep their company’s security policies to be more productive, including policies related to workplace AI. It may come as little surprise that employees try to find ways...more
Five individuals who are alleged to be members of the Scattered Spider cybercrime group have been charged with multiple crimes after a federal investigation into advanced social engineering attacks that targeted at least...more
On November 6, 2024, the Transportation Security Administration (TSA) published a Notice of Proposed Rulemaking (NPRM) that would mandate cyber risk management and reporting requirements for certain surface transportation...more
A cybersecurity attack targeted cryptocurrency developers by uploading malicious packages to open-source website npm with names similar to libraries used in cryptocurrency work....more
NIST’s “quick-start guide” is designed to assist acquirers as they evaluate the various risks across their network of suppliers, focusing on supply chain tiers, foreign ownership, control or influence (FOCI), provenance,...more
The shared Safe Software Deployment guidance calls on software manufacturers to implement safe software development programs supported by verified processes including robust testing, rollout, and feedback loops....more
Backup authentication methods create a vulnerability in passkey protection to adversary-in-the-middle attacks. Security protections from passkey authentication can still potentially be subverted by attackers....more
Victims of LockBit ransomware attacks can reach out to the FBI for decryption keys and all companies can prepare against ransomware attacks. The FBI secured 7,000 LockBit decryption keys, providing victims of LockBit...more
DHS advises safeguards to protect AIs and to protect critical infrastructure from AI-powered attacks.
In continuing its work under the Biden Administration’s Executive Order 14110, “Safe, Secure, and Trustworthy...more
U.S. State Department announces international diplomacy strategy to promote digital solidarity. Recognizing emerging technologies and cyber threats as an inflection point for U.S. competition with geopolitical rivals, the...more
Companies should review their resiliency, vendors, suppliers, and plans for partnering with the FBI in case of a cyber event, says FBI. The People’s Republic of China (PRC) is positioning itself to “physically wreak havoc on...more
Joint guidance from the “Five Eyes” cybersecurity agencies provides best practices on securely deploying and operating AI systems. New guidance by the U.S. National Security Agency’s Artificial Intelligence Security Center,...more
CL0P is adopting “quadruple extortion” tactics. If your organization has received a ransomware demand, CL0P may be a familiar name. In 2023, CL0P was the third most prolific ransomware gang, after LockBit and ALPHV....more
The California Privacy Protection Agency recently released updated draft regulations regarding cybersecurity audits under the California Consumer Privacy Act.
On November 8, 2023, the California Privacy Protection Agency...more
Russia-linked threat actor Fancy Bear is conducting a wave of phishing campaigns impersonating entities across Europe, the Americas, and Asia, focusing on Ukraine-related targets....more
NIST has updated its widely used Cybersecurity Framework to provide key updates and practical resources for organizations to manage and discuss cybersecurity risk. The updated framework, which remains voluntary, is designed...more
Informants can net $15 million for information about leaders behind the ALPHV/Blackcat Ransomware.
The U.S. Department of State is offering rewards of up to $10 million for information leading to key leaders in the...more
Coyote, a new Brazilian malware, is currently hunting down credentials for sixty-one (61) different banking applications. Researchers expect the malware to spread internationally. Russian cybersecurity firm Kaspersky has...more
New vulnerability found in the boot process for Linux systems configured to boot over the network.
A high severity vulnerability could allow attackers to take over a Linux system. The vulnerability is in the shim software...more