The major news in technology policy circles is this month’s release of the long-anticipated Executive Order (E.O.) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. While E.O.s govern policy areas within the direct control of the U.S. government’s Executive Branch, they are important broadly because they inform industry best practices and can … [Read more...] about CrowdStrike’s View on the New U.S. Policy for Artificial Intelligence (AI)
u.s.
Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms
Oct 09, 2023NewsroomCredential Harvesting / Hacking Senior executives working in U.S.-based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle (AiTM) phishing toolkit named EvilProxy to conduct credential harvesting and account takeover attacks. Menlo Security said the activity started in July 2023, primarily singling … [Read more...] about Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms
FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies
Sep 30, 2023THNRansomware / Cyber Threat The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, … [Read more...] about FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies
U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog
Jun 24, 2023Ravie LakshmananThreat Intel / Zero Day The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439), two flaws in VMware … [Read more...] about U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog
China’s Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected
May 25, 2023Ravie LakshmananCyber Threat / Espionage A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected, Microsoft and the "Five Eyes" nations said on Wednesday. The tech giant's threat intelligence team is tracking the activity, which includes post-compromise … [Read more...] about China’s Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected
China Bans U.S. Chip Giant Micron, Citing “Serious Cybersecurity Problems”
May 23, 2023Ravie LakshmananNational Security / Hardware China has banned U.S. chip maker Micron from selling its products to Chinese companies working on key infrastructure projects, citing national security risks. The development comes nearly two months after the country's cybersecurity authority initiated a probe in late March 2023 to assess potential network security … [Read more...] about China Bans U.S. Chip Giant Micron, Citing “Serious Cybersecurity Problems”
U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage
Apr 19, 2023Ravie LakshmananNetwork Security / Cyber Espionage U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against targets. The intrusions, per the authorities, took place in 2021 and targeted a small number of … [Read more...] about U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage
Experts Discover Flaw in U.S. Govt’s Chosen Quantum-Resistant Encryption Algorithm
Mar 06, 2023Ravie LakshmananEncryption / Cybersecurity A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year. The exploit relates to "side-channel attacks on up to the fifth-order masked implementations of CRYSTALS-Kyber … [Read more...] about Experts Discover Flaw in U.S. Govt’s Chosen Quantum-Resistant Encryption Algorithm
U.S. Cybersecurity Agency Raises Alarm Over Royal Ransomware’s Deadly Capabilities
Mar 03, 2023Ravie LakshmananEndpoint Security / Ransomware The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory about Royal ransomware, which emerged in the threat landscape last year. "After gaining access to victims' networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the … [Read more...] about U.S. Cybersecurity Agency Raises Alarm Over Royal Ransomware’s Deadly Capabilities
Royal Ransomware Threat Takes Aim at U.S. Healthcare System
Dec 12, 2022Ravie LakshmananHealthcare IT / Ransomware The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country. "While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial … [Read more...] about Royal Ransomware Threat Takes Aim at U.S. Healthcare System