CyberSecure Specialist

Managing Cybersecurity and Privacy Risks in the Age of Artificial Intelligence: Launching a New Program at NIST

The rapid proliferation of Artificial Intelligence (AI) promises significant value for industry, consumers, and broader society, but as with many technologies, new risks from these advancements in AI must be managed to realize its full potential. The NIST AI Risk Management Framework (AI RMF) was developed to manage the benefits and risks to individuals, organizations, and society associated with AI and covers a wide range of risk ranging from safety to lack of transparency and accountability.…


AI security bubble already springing leaks

Digital Security. Artificial intelligence is just a spoke in the wheel of security – an important spoke but, alas, only one. Cameron Camp, 16 Sep 2024, 3 min. read

That was fast. While the RSA Conference was oozing AI (with or without merit) from every orifice, the luster faded quickly. With a recent spate of AI-infested startups launching against a backdrop of pre-acquisition-as-a-service posturing, and stuffed with caches of freshly minted “AI experts”…


Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Here’s a closer look at the size of this scheme, and some findings about who…


CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities

Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting (XSS) continue to appear in software, enabling threat actors to exploit them. However, cross-site scripting vulnerabilities are preventable and should not be present in software products. CISA and FBI urge CEOs and other business leaders at technology manufacturers to direct their…


New CISA Plan Aligns Federal Agencies in Cyber Defense

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan. Developed in collaboration with FCEB agencies, this plan provides standard, essential components of enterprise operational cybersecurity and aligns the collective operational defense capabilities across the federal enterprise. Currently, federal agencies maintain their own networks and system architectures—and they independently manage their cyber risk. CISA’s FOCAL plan aligns the federal enterprise, empowering agencies to better address the…


CosmicBeetle joins the ranks of RansomHub affiliates – Week in security with Tony Anscombe

Video, Ransomware. ESET research also finds that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own ends. 13 Sep 2024

This week, ESET researchers published a deep dive into the recent activities of the CosmicBeetle cybercrime group. Among other notable things, CosmicBeetle was found to abuse the infamy of the LockBit ransomware gang for its own ends. Also, the analysis revealed that CosmicBeetle is likely to be a new…


The Dark Nexus Between Harm Groups and ‘The Com’

A cyberattack that shut down two of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023. It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood narrative has eclipsed a far more hideous trend: Many of these young, Western cybercriminals are also members of fast-growing online groups that…


CISA Releases Analysis of FY23 Risk and Vulnerability Assessments

CISA has released an analysis and infographic detailing the findings from the 143 Risk and Vulnerability Assessments (RVAs) conducted across multiple critical infrastructure sectors in fiscal year 2023 (FY23). The analysis details a sample attack path including tactics and steps a cyber threat actor could follow to compromise an organization with weaknesses representative of those CISA observed in FY23 RVAs. The infographic highlights the most successful techniques for each tactic that RVAs documented. Both the…


Ivanti Releases Security Update for Cloud Services Appliance

Ivanti has released a security update addressing an OS command injection vulnerability (CVE-2024-8190) affecting Ivanti Cloud Services Appliance (CSA) 4.6 (all versions before patch 519). A cyber threat actor could exploit this vulnerability to take control of an affected system. At this time, Ivanti has confirmed limited exploitation and urges its customers using the affected versions to upgrade to CSA version 5.0. Ivanti no longer supports CSA 4.6 (end-of-life). CISA recommends users and administrators review…


6 common Geek Squad scams and how to defend against them

Scams. Learn about the main tactics used by scammers impersonating Best Buy’s tech support arm and how to avoid falling for their tricks. Phil Muncaster, 11 Sep 2024, 5 min. read

For three decades, Geek Squad has been a trusted name in tech for anyone needing IT support. The Best Buy subsidiary dispenses diagnostics, repairs and advice to consumers across the US in-store and online – including 24-hour emergency support. But like many…
