CISA leads first tabletop exercise for AI cybersecurity
The exercise was led by the Joint Cyber Defense Collaborative, which is a branch of CISA that works closely with industry. Fifty AI experts from 15 companies and several international cyber defense agencies were involved. This was a four-hour exercise intended to contribute knowledge to the security incident collaboration playbook, which is set to be released at the end of 2024. The goal of the exercise was to understand “what makes up AI-enabled or AI-related cybersecurity incidents, determining what types of information-sharing is needed and how industry can best work with the government, and vice versa.” “A cyber incident could mean an AI system itself is jeopardized, or another system created by an AI is under threat,” said Clayton Romans, associate director of the Joint Cyber Defense Collaborative at CISA.
(Cyberscoop)
Keytronic confirms data breach after ransomware gang leaks stolen files
One of the largest manufacturers of printed circuit board assemblies, Keytronic suffered a breach caused by the Black Basta ransomware gang two weeks ago. The incident resulted in 530GB of stolen data, and according to a filing with the SEC released late Friday, interfered with business applications that supported corporate activities, forced the company to shut down domestic and Mexico operations for two weeks, and resulted in the theft of data including personally identifiable information. Keytronic has also confirmed that “the attack and loss of production will have a material impact on the company’s financial condition during the fourth quarter ending June 29, 2024.”
(BleepingComputer)
New Linux malware controlled through Discord emojis
Named DISGOMOJI, the malware has been observed using emojis to execute commands on infected devices in attacks on government agencies in India. According to BleepingComputer, “the malware was discovered by cybersecurity firm Volexity, which believes it is linked to a Pakistan-based threat actor known as UTA0137.” This is a group that is known for conducting cyberespionage activities. Volexity discovered a UPX-packed ELF executable in a ZIP archive, which they believe was distributed through phishing emails. “Volexity believes that the malware targets a custom Linux distribution named BOSS that Indian government agencies use as their desktop.”
(BleepingComputer)
Scattered Spider hacker arrested in Spain
A 22-year-old UK resident, Tyler Buchanan, was arrested last week in the Spanish city of Palma de Mallorca while on his way to board a flight to Italy. The arrest was the result of collaboration between the FBI and Spanish police. Buchanan is believed to have worked on a number of attacks for Scattered Spider and operates as a SIM swapper under the alias “Tyler.” He is the second Scattered Spider member to have been arrested. Noah Michael Urban, who was arrested last year, was charged by the U.S. Justice Department in February with wire fraud and aggravated identity theft for offenses.
(The Hacker News)
ASUS fixes critical remote authentication bypass bug in routers
These fixes address a vulnerability with a CVSS score of 9.8 which affects seven router models. The flaw is an authentication bypass issue that a remote attacker can exploit to log into the device without authentication. A link to a story containing the router model names and further details on the vulnerability is available in the show notes to this episode.
(Security Affairs)
Smishing Triad extends its reach
A cautionary tale out of Pakistan this past week. The country is being targeted by a threat actor called the Smishing Triad, which had been operating in the Middle East. According to Resecurity, the group, believed to be based in China, sends malicious messages to customers of mobile carriers via iMessage and SMS, with the goal of stealing personal and financial information. The messages inform victims of a failed package delivery, and although there’s nothing new in that, these scams primarily target individuals who are expecting legitimate packages from reputable courier services such as TCS, Leopard, and FedEx.
(The Hacker News)
Vermont governor rejects data privacy bill
Vermont Governor Phil Scott has vetoed consumer privacy legislation that would give individuals the right to sue companies that violate their data privacy rights. Vermont’s General Assembly is scheduled to meet today, Monday, and may override the veto. If it does so, the state will join a small group of 18 states that offer strong comprehensive data privacy rights to their residents. In explaining his veto, Governor Scott called the measure one that would make Vermont “more hostile than any other state to many businesses and nonprofits.”
(The Record)
Microsoft announces security changes for Outlook personal accounts
Forming part of its brand, Secure Future Initiative, these enhancements for Outlook personal email accounts include the deprecation of basic authentication (username and password) by September 16, an end to support for Mail and Calendar apps on Windows, the deprecation of Outlook Light, and the removal of users’ ability to access Gmail accounts via Outlook.com. Basic Authentication, which means username and password, will also be eliminated for Hotmail.com and Live.com. Basic auth credentials will be replaced by token-based authentication backed by multi-factor authentication (MFA).
(BleepingComputer)
Main source: cisoseries.com