Top News

• Telus acquires cybersecurity services firm Vumetric

"Telus announced Tuesday its acquisition of Vumetric Cybersecurity, a Toronto-based cybersecurity provider that specializes in advanced penetration testing designed to identify cyber vulnerabilities and threats to companies across North America."

Link

TLP¹ : Green

• RSAC: Experts Highlight Novel Cyber Threats and Tactics

"Cybersecurity experts at the RSA Conference highlighted the growing sophistication of cyber threats, including the expanding attack surface, identity-based attacks leveraging AI-generated deepfakes, and the use of generative AI to create malware."

Link

TLP¹ : Green

• UK's AI Safety Institute Unveils Platform to Accelerate Safe AI Development

"The platform, called Inspect, is set to pave the way for the safe innovation of AI models, according to the AI Safety Institute and Department for Science, Innovation and Technology (DIST)."

Link

TLP¹ : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

• AI-Powered Russian Network Pushes Fake Political News

"Security researchers have discovered a major new Russian disinformation campaign using generative AI (GenAI) to “plagiarize and weaponize” content from major news organizations, in a bid to influence Western voters."

Link

TLP¹ : Green

• 'The Mask' Espionage Group Resurfaces After 10-Year Hiatus

"An advanced persistent threat (APT) group that has been missing in action for more than a decade has suddenly resurfaced in a cyber-espionage campaign targeting organizations in Latin America and Central Africa."

Link

TLP¹ : Green

• State attorneys general implore Congress not to preempt their privacy laws

"Fifteen state attorneys general on Wednesday called on Congress to prevent new federal comprehensive data privacy legislation from preempting 17 states’ existing or recently passed laws protecting consumer privacy."

Link

TLP¹ : Green

Breaches: Data Breaches and Hacks

• FBCS Collection Agency Data Breach Impacts 2.7 Million

"Debt collection agency Financial Business and Consumer Solutions (FBCS) now says that the personal information of roughly 2.7 million individuals was compromised in a recently disclosed data breach."

Link

TLP¹ : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

• GhostStripe attack haunts self-driving cars by making them ignore road signs

"Researchers have developed a technique called "GhostStripe" that can exploit the camera-based computer vision systems of autonomous vehicles, causing them to fail to recognize road signs, making it very risky for Tesla and Baidu Apollo vehicles."

Link

TLP¹ : Green

• GoTo Meeting loads Remcos RAT via Rust Shellcode Loader

"A recent malware campaign was found exploiting the GoTo Meeting software to deploy the Remcos RAT by using DLL sideloading to execute a malicious DLL file named g2m.dll through a Rust-based shellcode loader."

Link

TLP¹ : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

• GenAI enables cybersecurity leaders to hire more entry-level talent

"Around 93% of security leaders said public GenAI was in use across their respective organizations, and 91% reported using GenAI specifically for cybersecurity operations, according to Splunk."

Link

TLP¹ : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

• CensysGPT: AI-Powered Threat Hunting for Cybersecurity Pros (Webinar)

"Artificial intelligence (AI) is transforming cybersecurity, and those leading the charge are using it to outsmart increasingly advanced cyber threats."

Link

TLP¹ : Green

¹Traffic Light Protocol (TLP) [1] for information sharing:

• Red:Not for disclosure, restricted to participants only.
• Amber: Limited disclosure, restricted to participants organizations.
• Green: Limited disclosure, restricted to the community.

[1]https://www.first.org/tlp