SecurityWeek
Nissan Data Breach Impacts 53,000 Employees
Nissan North America determined recently that a ransomware attack launched last year resulted in employee personal information compromise.
SecurityWeek
In First AI Dialogue, US Cites ‘Misuse’ of AI by China, Beijing Protests Washington’s Restrictions
US officials raised concerns on China’s “misuse of AI” while Beijing’s representatives rebuked the US over “restrictions and pressure” on AI.
The Record
Cyber trust label could be in place by end of the year, White House says
The Biden administration hopes to have consumer devices that have been approved by a voluntary cybersecurity labeling program on store shelves soon.
The Record
Is this Iowa congressman the next House Republican point man on cyber?
Rep. Zach Nunn arrived in Congress with arguably more cyber experience than any other new member in history. Can he fill the shoes of Rep. Mike Gallagher, the party's longtime House leader on cybersecurity issues?
SC Magazine
Royal Tiger robocall gang impersonated feds, banks, utilities, FCC says
The FCC has smacked the group with a first-of-its-kind threat classification for its persistent, fraudulent activity.
SecurityWeek
China and US Envoys Will Hold First Top-Level Dialogue on Artificial Intelligence
Envoys from the United States and China will meet in Geneva for talks about artificial intelligence, including the risks of the fast-evolving technology.
CyberNews
Russia-linked group incorporating AI in its new automated propaganda machine
A Russia-linked group is automating fake news fabrication and publishing with AI.
The Record
FCC designates first robocall threat actor under new classification system
A robocall group labeled Royal Tiger is the first classified as a Consumer Communications Information Services Threat (C-CIST) by the FCC.
CyberSecurity Dive
White House wants to hold the software sector accountable for security
Federal officials are taking steps toward a long-stated goal of shifting the security burden from technology users to the companies that build it.
CyberSecurity Dive
Generative AI is a looming cybersecurity threat
Researchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention.
CyberSecurity Dive
The US really wants to improve critical infrastructure cyber resilience
A report from the Office of the National Cyber Director highlights persistent threats targeting healthcare and water, echoing warnings from cyber officials earlier this year.
CSO
US doing all it can to manage global cybersecurity threats, secretary of state tells RSAC
The US government is moving to address the challenges of quantum computing, cloud strategies, and generative AI, Anthony Blinken said in a speech that was light on specifics.
The Record
Cyber director sees potential for a new era in White House office
The Office of the National Cyber Director has had four different leaders in less than a year. The current chief, Harry Coker, says it can move past that turmoil by sticking to its marching orders.
CyberNews
TikTok and ByteDance file lawsuit to block US divest-or-ban bill
TikTok and Chinese parent company ByteDance filed suit in US federal court seeking to block a law that would force the company to divest from TikTok or face a ban.
CyberScoop
ONCD report: ‘Fundamental transformation’ in cyber, tech drove 2023 risks
Evolving critical infrastructure risks, ransomware, supply chain exploitation, commercial spyware and AI were the top trends, the office reported.
DarkReading
Feds: Reducing AI Risks Requires Visibility & Better Planning
While attackers have targeted AI systems, failures in AI design and implementation are far more likely to cause headaches, so companies need to prepare.
The Cyber Express
U.S. Unveiled International Cyberspace and Digital Policy Strategy at RSAC 2024
The U.S. Secretary of State Antony Blinken unveiled an International Cyberspace and Digital Policy Strategy on Monday, outlining the Biden
CyberSecurity Dive
CISA, FBI urge software companies to eliminate directory traversal vulnerabilities
The software defects are linked to recent exploitation campaigns against critical infrastructure providers, including healthcare and schools.
Infosecurity News
Securing Foundational Tech Critical to Upholding Democratic Values
US Secretary of State Antony Blinken said that the US and its allies must ensure foundational technologies are used for the betterment of society
The Record
RSA Conference 2024 [Live Updates]
Recorded Future News will be providing live coverage from the 2024 RSA Conference in San Francisco.
The Record
Volt Typhoon operation came up 'directly' in U.S.-China talks, ambassador says
Nathaniel Fick, the State Department’s ambassador-at-large for cyberspace and digital policy, told reporters at the RSA Conference that U.S. and Chinese officials "did speak about Volt Typhoon directly" during a recent meeting.
CyberSecurity Dive
How can AI companies navigate a complex regulatory framework? — Compliance Labels
The rapid unregulated growth in the field of artificial Intelligence has given rise to Large Language Models (LLM’s) such as GPT-4 and Gemini which has contributed to major technical advancements but has also been coupled with legal and ethical issues.
The Record
Blinken unveils State Dept. strategy for ‘vibrant, open and secure technological future’
U.S. Secretary of State Antony Blinken told the audience at the 2024 RSA Conference in San Francisco about the Biden administration's broad plan to build “digital solidarity” with allies and partners.
SC Magazine
RSAC 2024: US Secretary of State Blinken advocates solidarity, not sovereignty, for cyber
By promoting a vision of cooperation and innovation, the U.S. can best navigate the complexities of AI and quantum computing and safeguard domestic private and public interests, Blinken said.
DarkReading
Software Security: Too Little Vendor Accountability, Experts Say
Actual legislation is a long shot and a decade away, but policy experts are looking to jump-start the conversation around greater legal liability for insecure software products.
SecurityWeek
Japan’s Kishida Unveils a Framework for Global Regulation of Generative AI
Japan's Prime Minister unveiled an international framework for regulation and use of generative AI, adding to global efforts on governance.
The Record
NSC’s Neuberger on mitigating cyberattacks: ‘We should be using an operational approach’
Anne Neuberger, deputy national security adviser for cyber, talks with the Click Here podcast team about the big picture for mitigating cybersecurity risk in the U.S., the growing cyberthreat from China, the government's relationship with Microsoft and the White House’s latest cyber initiatives.
CSO
NIST publishes new guides on AI risk for developers and CISOs
Companion publications to NIST’s AI Risk Management Framework explore a long worry list in more detail and are likely to become essential reading for security professionals.
SC Magazine
China's attacks on critical infrastructure ‘tip of the iceberg'
CISA Director Jen Easterly told lawmakers that Chinese cyberespionage threats warrants budget boost.
Infosecurity News
US Government Releases New Resources Against AI Threats
The US Department of Homeland Security has released new guidelines for securing critical infrastructure and CBRN from AI threats
Infosecurity News
FCC Fines Carriers $200m For Selling User Location Data
Some of America’s biggest wireless carriers illegally sold customer location, says FCC
CyberSecurity Dive
At Microsoft, years of security debt come crashing down
Critics say negligence, misguided investments and hubris have left the enterprise giant on its back foot.
CyberNews
Survey: Americans think social media companies have too much power
In a rare case of bipartisanship in America, 78% of respondents to a survey by the Pew Research Center said social media companies had too much influence on politics.
The Record
FBI searched Section 702 database half as much in 2023, Biden administration says
The number of FBI searches of the database of a warrantless surveillance program was cut more than in half last year, according to a U.S. intelligence report.
The Record
On CISA's role in protecting critical infrastructure, White House sticks to the script
President Joe Biden signed an update to Presidential Policy Directive 21 (PPD-21) that does not expand the list of industries that fall under CISA's mandate to protect critical infrastructure.
SC Magazine
Defending infrastructure, securing systems key to CISA's new AI guidelines
The guidelines are part of Homeland Security’s ongoing efforts to reduce the risks, and maximize the benefits of artificial intelligence.
Ars Technica
Critics question tech-heavy lineup of new Homeland Security AI safety board
CEO-heavy board to tackle elusive AI safety concept and apply it to US infrastructure.
SecurityWeek
CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure
New CISA guidelines categorize AI risks into three significant types and pushes a four-part mitigation strategy.
SecurityWeek
How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat
History of TikTok and how it many view it as a national security threat based on connections to China.
CyberSecurity Dive
FTC broadens health breach notification rule
Regulators have been pursuing more enforcement actions against health applications sharing consumers’ data. Friday’s final rule should give those actions more heft.
The Cyber Express
TCE Cyberwatch: From Ransomware to Deepfakes, This Week’s Top Cybersecurity Threats
This week's TCE Cyberwatch delves into a range of pressing cybersecurity issues impacting the world today. From the rise of
SecurityWeek
In Other News: China Hacked Volkswagen, DDoS Service Shutdown, Rubrik IPO
Noteworthy stories that might have slipped under the radar: Volkswagen hacked by Chinese threat group, DDoS service shut down, Rubrik IPO.
The Record
DHS announces AI safety board with OpenAI founder, CEOs of Microsoft, Nvidia, IBM
The Artificial Intelligence Safety and Security Board will include representatives of tech companies, critical infrastructure entities, academia, government agencies and “leaders in the civil rights, civil liberties, and privacy communities,” said Homeland Security Secretary Alejandro Mayorkas.
The Record
Congress picked a direct fight with ByteDance and TikTok. The privacy implications are less clear.
Lawmakers sought to keep Americans' data out of the Chinese government's hands. For privacy advocates and others, though, the new TikTok law raises bigger questions.
Ars Technica
School athletic director arrested for framing principal using AI voice synthesis
Police uncover plot to defame principal with AI-generated racist and antisemitic comments.
The Record
More than 800 vulnerabilities resolved through CISA ransomware notification pilot
The cyber agency made nearly 1,800 notifications in 2023 to organizations with internet-exposed devices vulnerable to ransomware attacks.
CyberNews
TikTok CEO vows to 'prevail' and defeat US restrictions
TikTok CEO Shou Zi Chew expects to win a legal challenge to block divest-or-ban legislation signed into law by President Joe Biden and Congress.
CyberNews
US Senate passes TikTok divestment-or-ban bill
The US Senate voted in favor of legislation that would ban TikTok in the United States.
Infosecurity News
US Congress Passes Bill to Ban TikTok
The bill that could see TikTok banned in the US has been approved by the House of Representatives and the Senate
CyberNews
New report: 52% of Americans have faced political scams in past 12 months
As the US election season gathers speed, a survey reveals that more than half of Americans have experienced political scams – even though most are unsure how they work.
CyberNews
FTC votes for noncompetes ban, companies preparing to fight back
In a move that could unlock new career opportunities for more than 30 million Americans, the Federal Trade Commission (FTC) has voted 3-2 to ban non-compete clauses.
Bleeping Computer
US imposes visa bans on 13 spyware makers and their families
The Department of State has started imposing visa restrictions on mercenary spyware makers and peddlers, prohibiting their entry into the United States, as announced earlier in February.
The Record
US accuses four Iranians of targeting defense contractors
The U.S. Treasury issued sanctions and the Justice Department announced charges against four men accused of working for the cyber division of the Iranian Islamic Revolutionary Guard Corps.
The Record
US glacial response to Nigeria’s detention of former IRS crypto investigator rankles federal agents
Nigeria detained former IRS investigator Tigran Gambaryan in February for crimes it says his company, Binance, committed. Current and former agents have cried foul and are asking why the U.S. government isn’t doing more for one of its own.
CyberNews
TikTok ban gets closer after House vote, but long legal battle awaits
The US House has again voted to ban TikTok in the country if its Chinese owner doesn’t sell its stake. But TikTok will not go down without a fight.
CyberNews
Global lottery of memecoins swings between new asset class and scams
The emergence of memecoins as an asset class of their own and the scams that come with them
The Record
HHS strengthens privacy protections for reproductive health patients and providers
The rules will bar doctors, insurers and other health-care groups from making health information available to state officials investigating, prosecuting, or filing a lawsuit against a patient or provider.
The Record
America's cyber ambassador on how to spend $50 million in foreign aid
“We need to demonstrate in the year ahead … that we are generating outsized returns for the United States and for our allies and partners" in areas like security and internet capacity, says Nathaniel Fick, the U.S. ambassador-at-large for cyberspace and digital policy.
The Record
Renewal of surveillance law clears Congress minutes before deadline
The White House says President Joe Biden will sign the bill to reauthorize Section 702 of FISA.
The Record
Warrantless spying powers extended to 2026 with Biden’s signature
The president signed legislation that imposes modest changes to the Section 702 of the Foreign Intelligence Surveillance Act.
DarkReading
FBI Director Wray Issues Dire Warning on China's Cybersecurity Threat
Chinese actors are ready and poised to do "devastating" damage to key US infrastructure services if needed, he said.
SecurityWeek
BreachRx Raises $6.5M to Revamp Incident Response Reporting Systems
Investors make an early-stage $6.5 million bet on BreachRx, a startup promising to shield cybersecurity executives from personal liability.
CyberNews
Suspicious domains targeting Trump and Biden on the rise – interview
At least 11,974 suspicious domains targeting former President Donald Trump or President Joe Biden have been created since the beginning of last year.
The Record
Senators push forward with Section 702 legislation as deadline looms
The vote comes as the Biden administration and Section 702's congressional supporters engage in a new fight with privacy hawks over a provision that would alter the definition of “electronic communication service providers,” or ECSPs.
Ars Technica
Russian US election interference sowing discord over Ukraine kicks into gear
To a lesser extent, China and Iran also peddle disinfo in hopes of influencing voters.
Infosecurity News
US Government and OpenSSF Partner on New SBOM Management Tool
OpenSSF, in collaboration with the US Government, has developed Protobom, a open source tool designed to simplify SBOM management for organizations
The Cyber Express
HHS Scrambles to Patch Security Hole After $7.5 Million Cyberattack
Following a cybersecurity incident dubbed as an indirect ‘HHS data breach’, and theft of funds, the U.S. Department of Health
The Record
Vote looms on bill to curtail government transactions with data brokers
The House was expected to consider the bipartisan Fourth Amendment is Not for Sale Act, which has a companion bill in the Senate. Biden administration officials have denounced the legislation on national security grounds.
The Record
Russian disinformation efforts around U.S. elections ‘kicked into gear over the last 45 days’: Microsoft
The campaigns are reminiscent of efforts in 2020 with a “renewed focus on undermining US support for Ukraine” as well as attempts to turn U.S. citizens against NATO and to foster domestic infighting.
Ars Technica
Why the US government’s overreliance on Microsoft is a big problem
Microsoft continues to get a free pass after series of cybersecurity failures.
CyberSecurity Dive
Top officials again push back on ransom payment ban
In lieu of a ban, the Institute for Security and Technology advises governments to achieve 16 milestones, most of which are already in place or in the works.
SecurityWeek
House Passes Reauthorization of Key US Surveillance Program After Days of Upheaval Over Changes
The House voted to reauthorize and reform a key U.S. government surveillance tool following debate over whether the FBI should be restricted from using the program to search for Americans’ data.
SecurityWeek
US-China Competition to Field Military Drone Swarms Could Fuel Global Arms Race
Military planners are gearing up for warfare where squadrons of drones using AI work together like a swarm of bees to overwhelm an enemy.
SecurityWeek
House Will Try Again on Reauthorization of US Spy Program After Republican Upheaval
House Republicans will try again to advance FISA Section 702 that would reauthorize a crucial national security surveillance program.
CyberScoop
Six-year old bug will likely live forever in Lenovo, Intel products
A report from Binarly finds that a silently patched bug in a popular web server will likely live on in several major end-of-life products.
CyberScoop
Six-year old bug will likely live forever in Lenovo, Intel products
A report from Binarly finds that a silently patched bug in a popular web server will likely live on in several major end-of-life products.
SecurityWeek
Conservative Revolt in the House Blocks Effort to Reauthorize a Key US Spy Tool
Officials say Section 702 of the Foreign Intelligence Surveillance Act is crucial in disrupting terror attacks, cyber intrusions and espionage.
DarkReading
Japan, Philippines, US to Share Cyber Threat Intel
Following China's attacks on critical infrastructure in the region, US reportedly will share cybersecurity threat information with both countries.
The Record
Prominent US senator sees new momentum for healthcare cybersecurity push
As U.S. hospitals struggle to pay their employees amid a cyberattack that knocked out a major payment vendor, a powerful Democratic senator is seizing the moment to push for better security in the sorely vulnerable healthcare sector.
The Record
CISA to expand automated malware analysis system beyond government agencies
CISA's Malware Next-Gen service has been available to federal government and military workers since November.
The Record
House sets up debate on Section 702 bill, along with votes on proposed changes
A vote is expected later in the week on revised legislation to reauthorize a controversial surveillance program, breaking a stalemate among GOP lawmakers just days before the law is due to expire.
DarkReading
EV Charging Stations Still Riddled With Cybersecurity Vulnerabilities
As more electric vehicles are sold, the risk to compromised charging stations looms large alongside the potential for major cybersecurity exploits.
Computerworld
Feds say Microsoft security ‘requires an overhaul’ — but will it listen?
The Department of Homeland Security is slamming Microsoft for what it calls a ‘cascade’ of avoidable errors that allowed a high-profile hack of government officials. Here we go again.
CyberNews
Meta overhauls rules on AI deepfakes for Facebook and Instagram
Meta's Facebook, Instagram, and Threads new “Made with AI” label for AI-generated images, video, and audio will help combat disinformation ahead of the US elections.
The Record
Congress prepares for FISA Round 3
U.S. House leaders are planning to call up legislation that would renew powerful spying authorities — known as Section 702 — that are slated to expire in a matter of days.
Ars Technica
Microsoft blamed for “a cascade of security failures” in Exchange breach report
Summer 2023 intrusion pinned to corporate culture, "avoidable errors."
DarkReading
Feds to Microsoft: Clean Up Your Cloud Security Act Now
A federal review board demanded that the tech giant prioritize its "inadequate" security posture, putting the blame solely on the company for last year's Microsoft 365 breach that allowed China's Storm-0558 to hack the email accounts of key government officials.
SecurityWeek
Scathing Federal Report Rips Microsoft for Shoddy Security, Insincerity in Response to Chinese Hack
Report from Cyber Safety Review Board says Microsoft’s security culture was inadequate and requires an overhaul.
SC Magazine
Review board slams Microsoft’s lax security practices and culture
A “cascade of security failures” allowed China’s top cyberespionage operatives to steal high-level U.S. government emails last year.
The Record
DHS blames ‘cascade of security failures at Microsoft’ for China hack on US government
Microsoft still does not have a full understanding of how alleged Chinese government hackers breached its systems and accessed the emails of senior U.S. government leaders, according to a review by the Department of Homeland Security.
CyberNews
Jon Stewart says Apple begged him not to talk to FTC chair Khan on air
With Apple battling regulators in courts, another hit has come from Jon Stewart. The tech giant tried to tell the comedian whom not to interview.
SC Magazine
US House forbids staff members from using AI chatbot Microsoft Copilot
In a move similar to banning the use of ChatGPT, Copilot will be blocked from all Windows devices used by House staff members.
The Record
FCC to probe ‘grave’ weaknesses in phone network infrastructure
In a move praised by privacy and security experts, the agency says it is looking hard at the safety of protocols known as SS7 and Diameter.
.png)
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
This weekly cybersecurity news recap keeps you informed about the latest threats, exposures, mitigation techniques, and emerging malicious tactics that could compromise systems.
Ars Technica
OpenAI holds back wide release of voice-cloning tech due to misuse concerns
Voice Engine can clone voices with 15 seconds of audio, but OpenAI is warning of potential misuse.
SecurityWeek
VP Harris Says US Agencies Must Show Their AI Tools Aren’t Harming People’s Safety or Rights
U.S. federal agencies must show their AI tools aren’t harming the public, or stop using them, under new rules unveiled by the White House.
The Record
New Defense Department cyber policy office has opened
The congressionally-mandated Office of the Assistant Secretary of Defense for Cyber Policy is meant to improve the Pentagon’s focus on cybersecurity matters.
Infosecurity News
US Treasury Urges Financial Sector to Address AI Cybersecurity Threats
The US Treasury report sets out recommendations for financial institutions on addressing immediate AI-related operational risk, cybersecurity and fraud challenges
CyberSecurity Dive
Water woes: A federal push for cyber mitigation is highlighting the sector’s fault lines
The water utility industry says they recognize the heightened threat environment, but the current federal push fails to account for their resource constraints.
SecurityWeek
CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities
CISA is seeking comment on the implementation of CIRCIA, which will cost $2.6 billion and will impact 316,000 entities.
Loading more articles....