Two Senate leaders on Thursday introduced legislation that would form a working group charged with monitoring the security of AI data obtained by federal contractors. This body would also ensure that the data adequately protects national security and recognizes privacy rights, the lawmakers say.
Threat group FIN7 has set up a website posing as a security company to recruit talent, according to fraud intelligence company Gemini Advisory. The aim of the scam was to lure security researchers who could help the group with penetration testing-related activities to enable ransomware attacks.
The current state of the XDR market is a "chaotic jumble of different features," according to Forrester analyst Allie Mellon, who has authored a new study to identify the top XDR providers in the industry: The Forrester New Wave: Extended Detection And Response (XDR) Providers, Q4 2021.
In the latest weekly update, four ISMG editors discuss: a federal judge imposing the maximum sentences on a hacker who pleaded guilty to conspiracy and aggravated identity theft, regulators getting tougher on cryptocurrency lending platforms and the return to in-person roundtables.
The outages of the notorious REvil - aka Sodinokibi - ransomware operation have been due to a coordinated law enforcement effort involving the U.S. and foreign partners, aimed at disrupting the group's attack capabilities, Reuters reports.
The U.S. Bureau of Industry and Security has issued an interim final rule to curb and control the export, reexport, or in-country transfer of certain offensive cyber tools that are used in surveillance of private citizens and other malicious activities that undermine the nation's security.
In a busy congressional day for cybersecurity legislation, the U.S. House of Representatives passed several bills on Wednesday, targeting both software supply chain and telecommunication system security. One observer describes them as "a win-win for the government and U.S. citizens."
When a business, government agency or other organization hit by ransomware opted to pay a ransom to its attacker in Q3, the average payment was $140,000, reports ransomware incident response firm Coveware. It says the attack landscape has seen some notable shifts since the Colonial Pipeline attack.
Four extradited Eastern European men have pleaded guilty in U.S. court to one count of conspiring to serve as administrators of a bulletproof hosting service that facilitated online attacks using the Zeus, SpyEye and Citadel Trojans and the Blackhole exploit kit, says the U.S. Department of Justice.
Researchers at Uptycs Threat Research have uncovered a campaign in which the cloud-focused cryptojacking group TeamTNT is deploying malicious container images hosted on Docker Hub with an embedded script to download testing tools used for banner grabbing and port scanning.
A top leader of the U.S. Cybersecurity and Infrastructure Security Agency has voiced support for a 24-hour timeline for cyber incident reporting involving critical infrastructure, signaling a push by the Biden administration to implement a rapid mechanism for federal response.
Reporting security vulnerabilities to organizations with no disclosure policies can be fraught with tension. In the worst conflicts, security researchers could face lawsuits or even prosecution. Some experts say laws should provide a safe harbor for responsible security research.
New York State AG Letitia James served cease and desist letters to two cryptocurrency lending platforms that her office says engage in "unregistered and unlawful activities." Three other platforms were told by the OAG to "immediately provide information about their activities and products."