Friday Five: Critical Infrastructure Security, Proposed AI Regulations, & More
CISA’s fight against supply chain attacks, possible AI regulations, a malicious Super Mario game, and more—catch up on all the latest in this week’s Friday Five!
CISA TO LAUNCH NEW CYBER SUPPLY CHAIN RESOURCE HUB BY CHRIS RIOTTA
The Cybersecurity and Infrastructure Security Agency (CISA) is creating a resource center to help federal agencies address compliance issues related to cyber supply chain risk management (C-SCRM) and software security mandates. The center will be piloted by select agencies before expanding to include industry participation. CISA aims to provide practical checklists and guides based on National Institute of Standards and Technology (NIST) recommendations to improve compliance. The resource center's goal is to help organizations operationalize C-SCRM practices and improve overall cyber hygiene. It will offer assets like templates, checklists, and guides. CISA also plans to launch a training initiative focusing on C-SCRM processes and requirements, aiming to equip stakeholders with the tools and techniques to reduce risks.
WHITE HOUSE RELEASES CYBERSECURITY BUDGET PRIORITIES FOR FY 2025 BY CHRISTIAN VASQUEZ
The Office of Management and Budget (OMB) and the Office of the National Cyber Director (ONCD) have issued a memorandum outlining five cybersecurity budget priorities for federal departments and agencies in the 2025 fiscal year. The priorities align with the U.S. National Cybersecurity Strategy and emphasize defending critical infrastructure, disrupting threat actors, shaping market forces, investing in resilience, and forging international partnerships. The OMB and ONCD will review agencies' budget submissions to identify potential gaps and propose solutions. The memo highlights the need to modernize federal defenses, combat ransomware, influence the cybersecurity market, strengthen the cyber workforce, prepare for a post-quantum future, enhance international partnerships, and secure global supply chains. Additional guidance on cybersecurity research and development priorities will be released in a separate memo.
FIRST AI ADVISORY COMMITTEE REPORT STRESSES GETTING REGULATORY BALANCE RIGHT BY ALEXANDRA KELLEY
The National Artificial Intelligence Advisory Committee (NAIAC) has submitted its first congressionally mandated report to President Joe Biden, providing recommendations on maximizing the benefits of artificial intelligence (AI) implementation in the U.S. The report emphasizes prioritizing trustworthy AI systems, fostering research and development initiatives, and establishing international partnerships to align AI governance standards. It suggests a whole-of-government approach, including the creation of an office dedicated to federal AI policy and the appointment of a chief responsible AI officer. The report highlights the importance of addressing workforce adaptation to emerging AI technologies and outlines key focus areas such as AI regulation, inclusion, safety, and the economy. The implementation of the recommendations rests with the President and the National AI Initiative Office.
FBI SEIZES BREACHFORUMS AFTER ARRESTING ITS OWNER POMPOMPURIN IN MARCH BY SERGIU GATLAN
The clear web domain of the BreachForums hacking forum has been seized by U.S. law enforcement. The seizure followed the arrest of the forum's owner, Conor Fitzpatrick (aka Pompompurin), three months ago. The domain, Breached[.]vc, now displays a seizure banner indicating it was taken down by various U.S. agencies and international law enforcement partners. Law enforcement also seized Pompompurin's personal site, pompur[.]in. While the clear web domain shows the seizure banner, the dark web counterpart currently displays a "404 Not Found" error. The seizure aims to combat cybercrime and prevent further breaches. The next steps regarding the seized domains and the charges against Pompompurin are in the hands of the authorities.
TROJANIZED SUPER MARIO INSTALLER GOES AFTER GAMER DATA BY ELIZABETH MONTALBANO
Attackers have repackaged a legitimate installer for the popular Super Mario Bros game with a Trojan that spreads malware on Windows machines, according to a recent blog post on the matter. The installer for Super Mario 3: Mario Forever, a free Windows version of the Nintendo game, contains an XMR miner, a SupremeBot mining client, and the Umbral Stealer. The stealer extracts sensitive information from various browsers, captures screenshots and webcam images, and collects files associated with cryptocurrency wallets. To mitigate the risk, users are advised to avoid downloading software from untrusted sources, and organizations should provide security awareness training and implement measures to block known torrent sites and monitor system activity.