Amid growing concern of the use of AI tools, Congressional questioning and hearings, and the lack of regulation around its use, at least seven technology firms have signed on to follow voluntary commitments to oversee how AI technology is used. The commitments include oversight of thorny issues such as AI safety, privacy, cybersecurity, and public
cybersecurity
Privacy Tip #367 – Update your Apple Operating System to 16.6 NOW
On Monday, July 24, 2023, Apple issued a security update to address vulnerabilities that have been linked to a spyware campaign. iOS 16.6 fixes 25 iPhone security flaws, several of which are being exploited by threat actors in the wild.
Apple says “This update provides important bug fixes and security updates and is recommended for…
Unpatched Fortinet Vulnerability Being Exploited by Threat Actors
According to cybersecurity researchers at Bishop Fox, “hundreds of thousands” of FortiGate firewalls have not been patched against a known vulnerability and are at risk of being attacked by threat actors using the unpatched vulnerability.
TechRadar is reporting that the firewalls are vulnerable to CVE-2023-27997, and a patch has been issued by Fortinet to address…
FIN7/Carbon Spider Attacks Veeam Backup Servers
Researchers at WithSecure cybersecurity firm have seen two malware attacks against Veeam Backup and Replication servers believed to be initiated by cybercrime group FIN7, also known as Carbon Spider, which has also been linked to Darkside, BlackMatter, and BlackCat/ALPHV ransomware variants.
The WithSecure investigators believe that the attacks may be part of a larger campaign…
FDD Suggests Space Systems be Designated as Critical Infrastructure
The Foundation for Defense of Democracies issued a Report late last week entitled Time to Designate Space Systems as Critical Infrastructure which cogently outlines the risks associated with space systems (which are basically the same as any other electronic system) in order to designate space systems as the seventeenth critical infrastructure sector.
Space systems are…
Clop Claims Zero-Day Attacks Against 130 Organizations
Russia-linked ransomware gang Clop has claimed that it has attacked over 130 organizations since late January, using a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, and was successful in stealing data from those organizations. The vulnerability is CVE-2023-0669, which allows attackers to execute remote code execution.
The manufacturer of GoAnywhere MFT notified…
NYAG Issues Fine Against Law Firm for Data Breach
New York Attorney General Letitia James announced on March 27, 2023 that she had levied a fine against law firm Heidell, Pittoni, Murphy & Bach LLP for failing to secure personal and health information of clients exposing the information in a data breach.
According to the press release, the law firm agreed to pay…
FBI, CISA + MS-ISAC Warn of LockBit 3.0 Ransomware
The FBI, CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) recently released a joint cybersecurity advisory, warning organizations about indicators of compromise, and tactics, techniques, and procedures that have been associated with LockBit 3.0 ransomware.
The Advisory, #StopRansomware: LockBit 3.0, states that LockBit 3.0 is an affiliate-based ransomware variant that functions as…
Threat Groups Using Translation Tools in Phishing Attacks
It used to be that one of the sure ways to identify a phishing email was to notice grammatical errors or broken English in the text of the communication. Thanks to new translation tools like Google Translate, which are available worldwide, threat actors can translate a phishing email into any language, so it sounds authentic…
World Economic Forum’s Global Cybersecurity Outlook for 2023 Is Bleak
Sorry to be the bearer of bad news but remember that I am only the messenger. According to the World Economic Forum’s Global Cybersecurity Outlook 23 Insight Report (published in collaboration with Accenture), although business leaders are more aware of the risk of cyber issues to their organizations, there remain challenges on how organizations are…