NIST Works to Create AI Risk Management Framework

Artificial Intelligence & Machine Learning, Governance & Risk Management, Next-Generation Technologies & Secure Development

Agency Now Seeks Feedback to Help Address Governance Challenges

Dan Gunderman (dangun127) • July 31, 2021

Citing a need to secure artificial intelligence technologies, the National Institute of Standards and Technology is working to…

Federal Government Signals Cybersecurity Focus in Initiatives

The federal government is seeking to increase cybersecurity in critical infrastructure industries through the implementation of a voluntary Industrial Control Systems Cybersecurity Initiative (Initiative), while the US House of Representatives (House) concurrently focuses on the same goal by passing three bills aimed at enhancing cybersecurity. While it’s currently voluntary, it’s likely the Initiative—along with its…

Researchers Uncover New Android Banking Malware

Account Takeover Fraud, Cybercrime, Cybercrime as-a-service

ThreatFabric Says Vultur Uses Screen Recording to Target Victims

Akshaya Asokan (asokan_akshaya) • July 31, 2021

Vultur is spread disguised as a legitimate app in Google Play Store. (Source: Google Play)

A newly uncovered banking Trojan dubbed “Vultur” is targeting Android users through screen recording…

Most Frequently Exploited CVEs Listed

Governance & Risk Management, Patch Management

Experts Say Advisory Highlights Vulnerability Management Challenges

Dan Gunderman (dangun127) • July 30, 2021

A joint cybersecurity advisory issued by several agencies this week highlighting the ongoing exploits of longstanding software vulnerabilities illustrates the woeful state of patch management, security experts say. …

SolarWinds Hack Targeted Federal Prosecutors’ Emails

The emails of federal prosecutors’ offices around the country were hacked by Russian intelligence during the SolarWinds cyber attack. The Russian hackers had access to the emails of federal prosecutors in New York, California, DC and other jurisdictions from May to December 2020. The Justice Department released the update to “increase transparency” with the public…

New destructive Meteor wiper malware used in Iranian railway attack

A new file-wiping malware called Meteor was discovered being used in the recent attacks against Iran’s railway system. Earlier this month, Iran’s transport ministry and national train system suffered a cyberattack, causing the agency’s websites to shut down and disrupting train service. The threat actors also displayed messages on the railway’s message boards stating that trains…

Ransomware Changes: DoppelPaymer Rebrands; Babuk Evolves

Business Continuity Management / Disaster Recovery, Cybercrime, Fraud Management & Cybercrime

New ‘Pay or Grief’ CryptoLocking Malware Is DoppelPaymer in Disguise, Experts Say

Mathew J. Schwartz (euroinfosec) • July 30, 2021

The Grief ransomware operation’s dedicated data leak site (victims’ names redacted)

The ransomware landscape constantly changes, which can make it…

Iranian Hackers Posed as Aerobics Instructors to Target Aerospace Employees

TA456 was discovered as the perpetrator of a social engineering and targeted malware campaign on behalf of the Iranian government after spending years impersonating an aerobics instructor on Facebook, according to Proofpoint. The Iranian state-sponsored cybercrime gang developed a contact with an employee working at a subsidiary of an aerospace defense contractor using the social…