Subject: Week in review: VMware patches critical vulnerability, 1Password affected by Okta breach
Source: Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: …QR code phishing – aka “quishing” – is on the rise, according to HP, Darktrace, Malwarebytes, AusCERT, and many others.
The order cites the need for training, technical assistance and coordination between the Department of Justice and federal civil rights offices to support the prosecution of AI-related civil rights violations. The Department of Health and Human Services is meant to establish a method of receiving reports on AI health risks and the State Department is supposed to lead an effort to create an international framework for the technology.
A full copy of the executive order, which includes myriad provisions and is scheduled to be formally announced Monday afternoon, was not immediately available for publication.
Subject: Microsoft Exposes Octo Tempest, One of the Most Dangerous Financial Threat Actors to Date
Source: Tech Republic
Microsoft exposes Octo Tempest, an English-speaking threat actor that runs extortion, encryption and destruction campaigns against a wide variety of industries. Protect your company from Octo Tempest with these tips. A new report from the Microsoft Incident Response and Microsoft Threat Intelligence teams exposed the activities and constant evolution of a financially motivated threat actor named Octo Tempest, which deploys advanced social engineering techniques to target companies, steal data and run ransomware campaigns.
- Octo Tempest’s tactics, techniques and procedures
- Who is Octo Tempest?
- How to protect from the Octo Tempest threat actor
Using its social engineering skills, the group might call employees and trick them into installing a remote monitoring and management tool, or into browsing to a phishing site hosting an adversary-in-the-middle (AiTM) toolkit that bypasses two-factor authentication and removes their FIDO2 token.
Subject: Critical Infrastructure Security and Resilience Month Toolkit
Source: CISA via Sabrina
- Critical Infrastructure Security and Resilience Month Toolkit (PDF, 5.20 MB)
- Critical Infrastructure Security and Resilience
- RSS feed for CISA News: https://www.cisa.gov/news.xml
Subject: Russian Reshipping Service ‘SWAT USA Drop’ Exposed
Source: Krebs on Security
The information leaked from SWAT also has exposed the real-life identity and financial dealings of its principal owner — Fearlless, a.k.a. “SwatVerified.” We’ll hear more about Fearlless in Part II of this story. Stay tuned.
Subject: People Search Data Brokers, Stalking, and ‘Publicly Available Information’ Carve-Outs
NB LawFare topic: https://www.lawfaremedia.org/topics/surveillance-privacy
Abstracted from beSpacific
Subject: New Law Library Report Examines Cybersecurity Laws of Several Countries
Source: In Custodia Legis blog
We know from our daily work that countries are influenced by the legal and policy approaches that are taken by other countries to different issues. For example, governments have considered, or are considering, developments in other jurisdictions in relation to the regulation of artificial intelligence and cryptocurrency. Sometimes, there are international agreements that are implemented into national laws. There are also “soft law” instruments, such as guidelines, recommendations, and standards, which might set out best practices that countries can choose to follow in their own policies, or even reference or implement in their legislation. Approaches can evolve based on a combination of all of these external influences, as well as in response to particular challenges or conditions within a country, historical, cultural, and economic factors, and the structure of governments and legal systems themselves.
For a recent report, we looked at whether and how the laws and policies of selected countries may have been influenced by a particular document – the “Cybersecurity Framework” developed by the National Institute of Standards and Technology (NIST) within the U.S. Department of Commerce. This framework is “voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk.”
In particular, we surveyed countries where the language is one of those into which the framework has been translated – Belgium, Brazil, Bulgaria, Chile, Indonesia, Japan, Mexico, Poland, Saudi Arabia, and Ukraine.