Friday Five: DOJ Launches new Cybercrime Unit, Regulating AI, and Consolidating Cybersecurity Tools
DOJ ESTABLISHES CYBERCRIME ENFORCEMENT UNIT AS U.S. WARNINGS MOUNT OVER CHINESE HACKING BY AJ VICENS
The Department of Justice (DOJ) has established a new cyber-focused section called the National Security Cyber Section (NatSec Cyber) to combat digital crimes. The section has been approved by Congress and aims to address cyberthreats on equal footing with other national security issues. It will enhance the DOJ's efforts to disrupt and prosecute nation-state cyberthreats, state-sponsored cybercriminals, money launderers, and other cyber-enabled threats to national security. The establishment of NatSec Cyber aligns with President Biden's cybersecurity strategy, emphasizing cross-agency collaboration to fight cybercrime. The move comes amidst growing concerns about nation-state cyberattacks, particularly from Russia and China.
NEW MYSTIC STEALER MALWARE INCREASINGLY USED IN ATTACKS BY BILL TOULAS
A new malware called 'Mystic Stealer,' an information-stealing malware that has been actively promoted on hacking forums and darknet markets, has gained popularity in the cybercrime community since April 2023. The malware targets various web browsers, browser extensions, cryptocurrency applications, MFA and password management applications, as well as credentials for platforms like Steam and Telegram. A joint report from InQuest and Zscaler, along with a separate report from Cyfirma, highlight the malware's sophistication and a surge in sales, leading to the emergence of new campaigns. Veterans in the field have verified the malware's effectiveness, confirming its capability as a potent information stealer. Read more about the malware’s technical details and capabilities in the full story from BleepingComputer.
BIDEN TO MEET WITH AI EXPERTS TO TALK REGULATION AND SAFETY BY ALEXANDRA KELLEY
This past week, President Joe Biden held a meeting with experts and researchers in the field of artificial intelligence (AI) to integrate private sector and academic expertise into federal technology policy, which was reportedly focused on studying the impact of AI on work, bias, prejudice, and children's issues. The Biden administration aims to address societal risks associated with AI and promote a secure software development approach. The Office of Management and Budget is set to release new draft policy guidance for federal agencies, emphasizing civil liberties in AI procurement and usage. This meeting followed the administration's efforts to involve leading tech companies in AI discussions and seek their commitment to addressing AI-related challenges.
EVEN WITH NO RECESSION, SMALLER FIRMS AIM TO CONSOLIDATE SECURITY TOOLS BY ROB LEMOS
In the face of economic headwinds, partially brought on in the wake of COVID-19, small and mid-sized companies are increasingly looking to consolidate their security tools and embrace managed security service providers. This is according to a new survey released this week that found that a staggering 86 percent of SMB customers are using managed service providers to reduce their security solution inventory. Those findings more or less echo what Gartner, one of the larger information security analyst firms, has found of late. Patrick Long, an analyst with the firm, told DarkReading this week that most midsized companies, organizations with $50 million to $1 billion in revenue and up to 2,500 employees, are looking to downsize the number of security vendors they utilize but mainly by optimizing their security operations.
APPLE PATCHES ZERO DAYS USED IN TARGETED iOS ATTACKS BY DENNIS FISHER
High risk iPhone, iPad, and other Apple users should heed a recent advisory issued via the company and patch their devices sooner than later, according to a story in Duo's Decipher blog this week. One of the vulnerabilities fixed in the most recent version of iOS addresses a trio of zero days that have apparently been exploited in the wild. Among the bugs fixed are CVE-2023-32434, a bug that could have led to remote code execution on a compromised device, CVE-2023-32435, a memory corruption bug, and a type confusion bug in WebKit. Those interested in the full breakdown of patches released by Apple this week, for iOS, along with Safari, macOS, and watchOS, should head to the Apple security updates section of its website.