International

CISA, NSA, FBI, and other US and international partners released a joint fact sheet called “People’s Republic of China State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders.” This publication includes contributions from various partners. U.S. Department of Energy (DOE) U.S. Environmental Protection Agency (EPA) U.S. Transportation Security Administration (TSA) U.S. …

As of March 2024, X-Force is tracking the APT28 group is carrying out phishing campaigns using fake government and non-governmental organization documents to target different regions around the world, including Central Asia, Europe, the South Caucasus, and North and South America. The discovered lures include a mix of public and …

* Safeguards on general purpose artificial intelligence * Limits on the use of biometric identification systems by law enforcement * Bans on social scoring and AI used to manipulate or exploit user vulnerabilities * Right of consumers to launch complaints and receive meaningful explanations On Wednesday, Parliament approved the Artificial …

CISA released 15 advisories about Industrial Control Systems (ICS) on March 14, 2024. The advisories include important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-074-01 Siemens SENTRON 7KM PAC3x20 ICSA-24-074-02 Siemens Solid Edge ICSA-24-074-03 Siemens SINEMA Remote Connect Server ICSA-24-074-04 Siemens SINEMA Remote Connect Client ICSA-24-074-05 Siemens …

Cybersecurity attacks are always changing, and it’s important to detect them quickly. To keep up with hackers, Google Safe Browsing now offers real-time URL protection for Chrome users on desktop or iOS. Additionally, Chrome for iOS has new password protections to help you navigate the web securely. Real-time protection through …

The Federal Communications Commission voted to start a program for labeling wireless consumer Internet of Things products with strong cybersecurity. This means that products meeting these standards will have a “U.S Cyber Trust Mark” label, helping consumers make better choices and encouraging manufacturers to improve cybersecurity. The Commission has adopted …

FortiGuard Labs found a phishing campaign that tricks users into downloading a malicious Java downloader to spread new VCURMS and STRRAT remote access trojans. The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub to avoid detection. They used email as its command and control throughout …

The NSA released a list of ten recommended security strategies for cloud customers. The advisory, published on March 7, 2024, includes ten strategies for cloud security, identity and access management, data security practices, and network segmentation. CISA supported the NSA with six out of ten strategies for cybersecurity and infrastructure …

FortiGuard Labs found a threat using a harmful PDF to spread the CHAVECLOAK banking Trojan. The attack involves the PDF downloading a ZIP file and then using DLL side-loading to run the malware. CHAVECLOAK targets Brazilian users to steal financial information. Figure 1 shows the detailed flow of this cyber …

The NSA and CISA have released five bulletins on securing a cloud environment. Cloud services are very popular for businesses because they offer managed servers, storage, and applications without the need to manage their own infrastructure. Many enterprise application developers now offer both on-premise and cloud-hosted versions of their services. …