TODAY'S TOP 5

NEW AI NATSEC TESTING TASK FORCE: The U.S. Artificial Intelligence Safety Institute at NIST announced the formation of the Testing Risks of AI for National Security (TRAINS) Taskforce, which brings together partners from across the U.S. government to identify, measure and manage the emerging national security and public safety implications of rapidly evolving AI technology.

  • The task force will enable coordinated research and testing of advanced AI models across critical national security and public safety domains, such as radiological and nuclear security, chemical and biological security, cybersecurity, critical infrastructure, conventional military capabilities, and more.
  • The announcement coincided with the inaugural convening of the International Network of AI Safety Institutes in San Francisco. The network agreed to a joint mission statement, announced more than $11 million in funding toward synthetic content research, revealed findings from the network’s first multilateral testing exercise, and released a joint statement on risk assessments of advanced AI systems.

HHS INFOSEC STRUGGLES: The Office of Inspector General said that Health and Human Services continued to have difficulty in identifying, detecting, responding to and recovering from threats to information security, Healthcare IT News reports. In its annual audit required by the Federal Information Security Modernization Act of 2014, OIG said it reviewed HHS programs and practices against its core and supplemental metrics. Through the effort, it found that HHS was "not effective" in meeting maturity for all five function areas under the NIST framework for federal agencies – Identify, Protect, Detect, Respond and Recover – OIG said.

  • OIG made six recommendations to HHS to strengthen the agency’s information security program through improved oversight and information security controls implementation. HHS concurred with five of the recommendations.

Construction Mechanic 1st Class Matthew Ramirez, with Underwater Construction Team 2 Construction Dive Detachment Bravo (UCT2 CDDB), fastens protective split piping around submerged cables at the Pacific Missile Range Facility Barking Sands, Hawaii, on July 6, 2016. (U.S. Navy combat camera photo by Mass Communication Specialist 1st Class Charles E. White)

CABLE THREATS NUDGE FCC ACTION: The Federal Communications Commission is expected to approve a proposal that would seek public feedback on ways to tighten national security standards and streamline oversight of undersea internet cable systems that route nearly all of the world’s internet traffic, Nextgov/FCW reports. Global maritime “hot spots” that have been getting attention — namely the Red Sea, South China Sea and Baltic Sea — motivated interest around the proposed rulemaking, which has been in the works for some time, FCC Chairwoman Jessica Rosenworcel said.

  • “We need to reassess what our framework is for overseeing them and make sure that we improve security and reliability of our processes that are associated with them,” Rosenworcel said. The proposal would notably require reviews of cable licensees every three years, a major time reduction compared to the current 25-year review period.

SPIES AND NETWORK SECURITY: When the digital wiretap law was passed in 1994, no one foresaw the kind of sophisticated intrusions apparently developed by the Chinese. It is an experience that we must remember as the design of digital network technology continues to evolve, former FCC Chairman Tom Wheeler writes at the Brookings Institution. The O-RAN concept is an important step forward that will deliver increased capabilities at decreased costs. Accompanying these advantages, however, is the challenge to mitigate the increased risk of cyberattacks resulting from software that relies in part on open-source code running on commodity hardware.

CONTRACTOR CYBER BILL ADVANCES: A bill that would require federal contractors to implement vulnerability disclosure policies that comply with NIST guidelines cleared a key Senate panel Wednesday, setting the bipartisan legislation up for a vote before the full chamber, CyberScoop reports.

  • The Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024 from Sens. Mark Warner (D-Va.) and James Lankford (R-Okla.) would formalize a structure for contractors to receive vulnerability reports about their products and take action against them ahead of an attack. Warner said that vulnerability disclosure policies, or VDPs, “are a crucial tool used to proactively identify and address software vulnerabilities,” and that this bill would “better protect our critical infrastructure and sensitive data from potential attacks.”

CYBER FOCUS PODCAST

In the latest episode of Cyber Focus, host Frank Cilluffo sits down with former Deputy Assistant National Cyber Director Cheri Caddy, a McCrary senior fellow and senior technical advisor at the Department of Energy. They discuss the cybersecurity challenges surrounding connected vehicles, examining how modern cars are effectively "computers on wheels" and the broader implications for privacy, data security and national security. Cheri highlights the convergence of IT and OT systems in vehicles, the need for cyber-informed engineering and the importance of regulatory harmonization in addressing these challenges.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

CYBER AND CI UPDATES


ATTACKS AND INCIDENTS

Breaches

San Francisco Ballet hacked data posted for sale by two ransomware gangs

The iconic San Francisco Ballet Company has been reportedly breached by not one, but two ransomware groups – Meow and INC Ransom – and now it appears the personal information of company staff and dancers is being sold on the dark web. The California ballet company was first claimed by the Meow ransomware group sometime over the past few weeks, although the gang’s leak site did not provide a date on its victim post. (CYBERNEWS.COM )

T-Mobile caught hackers early, averting data leak

T-Mobile was able to contain a recent network breach before it reached customers’ phones, according to people familiar with the matter. Hackers accessed edge-routing infrastructure and gained unauthorized access to a limited number of devices, including a T-Mobile-owned-and-operated router, according to the people, who asked not to be identified discussing nonpublic information. When T-Mobile detected the suspicious activity, it booted the hackers from its systems. (BLOOMBERG/ FINANCE.YAHOO.COM )

Cybercrime

U.S. charges 5 members of Scattered Spider hacking group

Federal prosecutors allege that the five suspects sent SMS text messages to employees at companies they sought to breach. The texts looked like official alerts and told employees that their accounts were about to be deactivated unless they took action. In reality, the text messages redirected victims to web pages designed to trick the employee into giving up their work logins. (PCMAG.COM )

Ghost Tap: Hackers exploiting NFCGate to steal funds via mobile payments

These attacks typically work by tricking victims into downloading mobile banking malware that can capture their banking credentials and one-time passwords using an overlay attack or a keylogger. Alternatively, it can involve a voice phishing component. Once in possession of the card details, the threat actors move to link the card to Google Pay or Apple Pay. (THEHACKERNEWS.COM )

Infamous threat actor targets Tesla, gets immediately roasted by cyber pros

A thread said that IntelBroker worked through various systems to reach four Azure storage buckets that supposedly held files containing customer data. There were allegedly 116,000 rows of customer data originating from the Middle East and the United Arab Emirates. However, this data most likely doesn’t come directly from Tesla as it includes different car brands, locations, and charging station providers. (CYBERNEWS.COM )

IoT

'Water Barghest' sells hijacked IoT devices for proxy botnet misuse

A cybercriminal group is exploiting vulnerabilities in Internet of Things (IoT) devices and then turning a tidy profit by putting them up for sale on a residential proxy marketplace, where they can be turned into proxy botnets by state-sponsored advanced persistent threats (APTs) and other malicious actors. (DARKREADING.COM )

Leaks

U.S. and UK military social network ‘Forces Penpals’ exposes SSN, PII data

Forces Penpals, a dating service and social network for members of the US and UK armed forces and their supporters since 2002, was found leaking personal details of over 1.1 million registered users. This issue was identified by Jeremiah Fowler, a prominent cybersecurity researcher recognized for uncovering and advising on securing misconfigured cloud servers and databases. (HACKREAD.COM )

Password spray

Attackers wield password-spray attacks to zero-in on targets, research finds

Password-spray attacks yielded prolific results for attackers across multiple sectors in North America and Europe during Q2 and Q3, the Trellix Advanced Research Center said in a Wednesday research report. The attack surface for password-spray attacks is vast, Trellix found. Attackers commonly target cloud-based systems and most frequently targeted password-spray attacks at education, energy and transportation organizations during the six-month period. (CYBERSECURITYDIVE.COM )

Phishing

60% of emails with QR codes classified as spam or malicious

Cisco Talos, the firm behind the findings, highlighted the deceptive techniques used by attackers. Among them is the creation of “QR code art,” a method where functional QR codes are blended into visually appealing designs. The research also showed that while QR codes represent only 0.01% to 0.2% of all global email traffic – roughly one in 500 emails – they are disproportionately effective at bypassing security filters. (INFOSECURITY-MAGAZINE.COM )

New AI-driven copyright phishing campaign detected

A new cyber attack campaign is using AI and Gmail to target consumers and corporations. The campaign, called “CopyRh(ight)adamantys,” delivers a financially motivated payload using a sophisticated variant of the Rhadamanthys information stealer malware. The attackers use dedicated Gmail accounts to send phishing emails that appear to be from legitimate organizations. (DMNEWS.COM )

Prevention

Poor cyber hygiene enabled nearly 30% of cyberattacks last quarter

The Corvus report found that of the organizations that suffered cyberattacks last quarter — including in the government, construction and health care sectors — many were still using common usernames such as “admin” or “user” and that they frequently lacked multi-factor authentication. These inadequate cyber protections made their network accounts more susceptible to automated brute-force attacks, the report concludes. (STATESCOOP.COM )

Recovery

Mega U.S. healthcare payments network restores system 9 months after ransomware attack

Change Healthcare’s $2 billion recovery is still a work in progress. In an ordinary year, the healthcare organization handles 15 billion transactions – the most of any clearinghouse in the U.S. Its February ransomware attack by ALPHV/Blackcat led to a financial impact on a whopping 94 percent of hospitals the following month, according to the American Hospital Association (AHA). (THEREGISTER.COM )


THREATS

Artificial intelligence

One deepfake digital identity attack strikes every five minutes

By utilizing the AI-powered technology in this way, fraudsters can bypass identity verification during Know Your Customer (KYC) checks, to open new accounts and hijack existing ones. They do so via “injection attacks” which insert fake content into the data stream between user and service provider. (INFOSECURITY-MAGAZINE.COM )

OWASP warns of growing data exposure risk from AI in new top 10 list for LLMs

Another significant change to the list is ‘supply chain vulnerabilities,’ moving from fifth to the third most critical risk to these tools. OWASP highlighted that LLM supply chains are susceptible to various vulnerabilities, which can affect the integrity of training data, models and deployment platforms. This can result in biased outputs, security breaches or system failures. (INFOSECURITY-MAGAZINE.COM )

Critical infrastructure

Former Georgia poll worker indicted for mailing bomb threat to polling place

The indictment alleges that Nicholas Wimbish falsely told the FBI that he believed a Jones County voter he interacted with sent the letter and that he had not conducted online research on himself. The letter was found on Wimbish’s computer. (JUSTICE.GOV )

Exercises

U.S. Cyber Command executes International Coordinated Cyber Security Activity 2024

INCCA is a key part of USCYBERCOM’s mission to protect DoD information networks, systems, and infrastructure from evolving cyber threats. The operation involves globally deployed defensive cyber teams working to detect, mitigate, and share threat intelligence on malware and vulnerabilities targeting DoD networks. (CYBERCOM.MIL )

Ransomware

Cybercriminals exploit weekend lull to launch ransomware attacks

Ransomware gangs are increasingly targeting weekends and holidays, when cybersecurity teams are typically less staffed, according to a new report from Semperis. The cybersecurity firm said that 86% of study participants who experienced a ransomware attack were targeted on a weekend or holiday, when staffing is most likely to be reduced. Even though 96% of surveyed organizations maintained a security operations center (SOC) 24/7, 85% reduced SOC staffing by as much as 50% on holidays and weekends. (INFOSECURITY-MAGAZINE.COM )

Scams

Amazon and Audible flooded with 'forex trading' and warez listings

There are several listings on Amazon's websites including amazon.com, amazon.co.uk, amazon.com.au and Amazon Music that promote dubious "forex trading" schemes and link to "warez" sites. Spammers are additionally abusing Audible podcasts as another vector to promote their illicit operations. (BLEEPINGCOMPUTER.COM )

Dark side of deals: Emerging scams for Black Friday, Cyber Monday and Giving Tuesday

Time-pressured "flash sales" are often used to rush consumers into providing personal information or downloading malicious apps or files. Almost all scams have a level of time-pressure associated with them, but during this period, “buy now or lose the deal forever,” is most common. (KNOWBE4.COM )

Vulnerabilities

MITRE shares 2024's top 25 most dangerous software weaknesses

To create this year's ranking, MITRE scored each weakness based on its severity and frequency after analyzing 31,770 CVE records for vulnerabilities that "would benefit from re-mapping analysis" and reported across 2023 and 2024, with a focus on security flaws added to CISA's Known Exploited Vulnerabilities (KEV) catalog. (BLEEPINGCOMPUTER.COM )

Decades-old security vulnerabilities found in Ubuntu's needrestart package

The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that users move quickly to apply the fixes. The vulnerabilities are believed to have existed since the introduction of interpreter support in needrestart 0.8, which was released on April 27, 2014. (THEHACKERNEWS.COM )


ADVERSARIES

China

U.S. agencies urged to combat growing Chinese cyberthreat

Threat actors linked to Beijing are intensifying sophisticated espionage campaigns and hacking operations targeting U.S. critical infrastructure and top officials, cybersecurity experts testified during a Senate Judiciary Committee hearing Tuesday. But agencies can be doing more to meet the moment and defeat growing cyber threats, according to Adam Meyers, senior vice president of counter adversary operations for CrowdStrike. (GOVINFOSECURITY.COM )

Xi promotes a ‘shared future in cyberspace’ at internet forum amid rising U.S.-China tech tensions

Vice-Premier Ding Xuexiang echoed Xi’s message at the forum, emphasising the need for global coordination in Internet governance. Ding underscored the transformative role of AI, big data, and cloud computing in driving economic and social progress but acknowledged the challenges of a growing “digital divide” and worsening cybersecurity threats. (TECHEDIT.COM )

DOD leaders link up with counterparts in Asia — but China declines U.S. invite to connect

“I regret that the PRC chose not to meet here. The PRC decision is a setback for the whole region. As I’ve said consistently, the right time to meet is anytime now,” Defense Secretary Lloyd Austin told reporters in a press briefing late Wednesday after his meetings at the ADMM-Plus concluded. (DEFENSESCOOP.COM )

Russia

Russian women stepping up for cybercrime outfits

Women are increasingly stepping up to fill roles in Russian-speaking cybercrime outfits, according to research from the SANS Institute, which found that women are increasingly taking on top roles within threat actor groups. This is particularly the case with the younger generations, as women have been seen taking charge of operations such as malware administration. One such example is Alla Witte, a cybercriminal said to have been a key figure in the TrickBot malware operation. (SCWORLD.COM )


GOVERNMENT AND INDUSTRY

Artificial intelligence

Interagency task force established to advance international engagement on content authentication

Led by the Department of State, this task force will make it easier for people to determine how and when digital content, such as videos, images, or audio, has been altered, generated, or manipulated using AI tools. As the information environment extends beyond borders, the task force will work with international governments and partners to drive technical transparency standards, build capacity, and increase public awareness about AI-enabled digital content. (STATE.GOV )

IT leaders are less AI-ready than they were a year ago, says Cisco report

Virtually all the businesses polled in Cisco's AI Readiness Index reported increased urgency to deliver on AI, and 85% say they believe they have less than 18 months to act. Six in ten are feeling even more pressure, believing they have to deliver within 12 months. However, they feel even less ready to adopt AI than they were last year, with only 13% saying they're fully ready to capture AI's potential – down from 14% a year ago. (ITPRO.COM )

Critical infrastructure

International cooperation strengthens global infrastructure

In addition to joining forces with domestic partners — across DHS and other federal agencies, as well as our state and local counterparts — DHS S&T also works closely with all international partners to harness innovation. Any differences faced in respective contexts become assets that contribute to more robust technology solutions to protect frontline operators and communities. (DHS.GOV )

U.S. Air Force Lt. Col. Nathaniel Steward, 11th Air Task Force chief of staff, uses a counter-unmanned aerial system while Senior Airman Thalia Gonzales, 355th Communications Squadron radio frequency transmission systems technician, visually tracks the UAS at McGregor Range, New Mexico, on Nov. 8, 2024. (U.S. Air Force photo by Airman 1st Class Jasmyne Bridgers-Matos)

Drones

Nets, jamming and ‘cyber scalpels’: Pentagon weighs homeland counter-drone tech in mountain tests

The Pentagon has documented hundreds of suspected drone incursions at military facilities in the last few years, even if many are thought to be the work of hobbyists. “By all indications, sUAS will present a safety and security risk to military installations and other critical infrastructure for the foreseeable future,” said NORTHCOM chief Gen. Gregory Guillot. (BREAKINGDEFENSE.COM )

DIU announces software awards for AI-enabled drone swarms

The Defense Innovation Unit on Wednesday announced new prototype awards for software to enable better command and control and autonomous drone swarm operations. It’s part of the Replicator program, which is working to field large numbers of cheap, highly autonomous drones to deter Chinese military activity in the Pacific. (DEFENSEONE.COM )

Energy

Local transmission spending soars nationwide amid ‘serious absence of cost containment’

Despite their overall cost, local transmission projects don’t receive a meaningful review from grid operators or the Federal Energy Regulatory Commission, and state regulators typically have little oversight over them, according to RMI. Local transmission projects are developed separate from regional transmission planning. (UTILITYDIVE.COM )

Phishing

USDA stops credential phishing with FIDO authentication

CISA and the USDA released a case study that details the USDA’s deployment of FIDO capabilities to approximately 40,000 staff. While most of their staff have been issued government-standard Personal Identity Verification (PIV) smartcards, this technology is not suitable for all employees. This case study outlines the challenges the USDA faced, how they built their identity system, and their recommendations to other enterprises. (CISA.GOV )

Regulations

EU Cyber Resilience Act focuses on elevating cybersecurity standards for digital products across Europe

The EU Cyber Resilience Act has been officially published in the Official Journal of the European Union, initiating the countdown for implementing cybersecurity regulations. The legislation establishes comprehensive cybersecurity standards for products with digital components, focusing on connected devices, as a secure internet is ‘indispensable’ for the functioning of critical infrastructures and society as a whole. It outlines the conditions for developing secure digital products by ensuring that hardware and software are marketed with minimal vulnerabilities. (INDUSTRIALCYBER.CO )

Social media

UK says a new law banning social media for under-16s is 'on the table'

It comes as Ofcom prepares to implement and enforce the United Kingdom’s Online Safety Act next year. The law aims to force technology companies to tackle harmful online activities, but has prompted significant controversy particularly around its provisions on end-to-end encryption. (THERECORD.MEDIA )

Supply chain

African reliance on foreign suppliers boosts insecurity concerns

Every night for five years, computers and network appliances from the headquarters of the African Union in Ethiopia — a facility built by Chinese firms — reportedly reached out to China-based systems and uploaded sensitive data. The espionage through the technology supply chain, which China's government denies, undermined the security of the pan-African organization. (DARKREADING.COM )

Workforce

CISOs can now obtain professional liability insurance

The policies, which can be obtained on behalf of a company or through a CISO themselves, can cover consulting done for the organization and subsidiaries, as well as moonlighting or pro bono IT security work. The CISO role is one that is under increasing legal scrutiny, especially after high-profile security incidents. (CYBERSCOOP.COM )

LEGISLATIVE UPDATES

DoD, Hill eye CMMC tax credit for smaller defense contractors

Draft legislation on Capitol Hill would grant some smaller businesses a tax credit to help defray the costs of complying with the Defense Department’s impending Cybersecurity Maturity Model Certification program. The legislation is aimed at addressing longstanding concerns that CMMC compliance costs will force smaller companies to exit the defense business. The draft bill, the “Small Business Cybersecurity Act of 2024,” would allow companies with 50 or less employees to claim a tax credit of up to $50,000 for CMMC costs. (FEDERALNEWSNETWORK.COM )

MORE: House lawmaker wants to do away with Pentagon’s CMMC program (FEDERALNEWSNETWORK.COM )

WORLDWIDE THREATS HEARING: On Nov. 21, the Senate Homeland Security and Governmental Affairs Committee will hear from agency leaders in a hearing to review current threats to the homeland.

EVENTS

OPERATIONAL TECHNOLOGY: Join government leaders and industry experts on Dec. 3 in Washington, D.C., to explore advanced strategies for protecting U.S. operational technology and critical infrastructure and understand the biggest threats facing these sectors today.

MARITIME CYBERSECURITY: The National Maritime Security Advisory Committee will conduct a virtual meeting Dec. 3 to discuss new Committee taskings on Cybersecurity Regulation Implementation, Regulatory/Navigation and Vessel Inspection Circular Revisions, and Homeport Modernization.
