ATTACKERS ABUSE GOOGLE AD FEATURE TO TARGET SLACK, NOTION USERS BY ELIZABETH MONTALBANO
Attackers are reportedly using Google Ads to distribute malware, including the Rhadamanthys stealer, by embedding malicious URLs in banner ads disguised as installers for popular groupware like Slack and Notion. The campaign redirects users to attacker-controlled websites resembling legitimate groupware sites, tricking them into downloading and executing the malware. The Rhadamanthys stealer collects sensitive data from infected systems and is popular among attackers. Because this isn't the first time Google Ads has been abused for malware distribution, users are encouraged to be cautious and pay attention to URLs when clicking on ads. ASEC has provided a list of associated URLs to help identify affected users.
HHS LOOKS TO CREATE ‘ONE-STOP SHOP’ FOR HEALTHCARE CYBERSECURITY BY JUSTIN DOUBLEDAY
The Department of Health and Human Services (HHS) is restructuring its healthcare cybersecurity resources and programs in response to the Change Healthcare ransomware attack, aiming to establish a "one-stop shop" for cyber at the Administration for Strategic Preparedness and Response (ASPR). This initiative seeks to streamline information sharing across HHS and with industry partners, enhance coordination, deepen partnerships with industry, and bolster incident response capabilities, with ASPR serving as the central hub. This move comes amid concerns about the federal response to the Change Healthcare incident, with lawmakers urging preventive measures and cybersecurity awareness campaigns. The healthcare sector remains a prime target for ransomware attacks, prompting the Biden administration to advocate for regulating cybersecurity in critical infrastructure. ASPR's new cybersecurity strategy emphasizes incentivizing best practices, setting voluntary goals, and proposing new requirements through CMS.
CISA RESOURCE LOOKS TO HELP HIGH-RISK GROUPS THWART CYBERATTACKS BY DAVID DIMOLFETTA
The DHS's Cybersecurity and Infrastructure Security Agency (CISA) released guidance to assist activists, journalists, human rights workers, and others affiliated with civil society groups facing cyber threats, including spyware. Recognizing the limited cybersecurity resources of these communities, the guidance points to free-to-use tools, helplines, guides (including some for non-technical staff), and Information Sharing and Analysis Centers (ISACs). Developed in collaboration with various stakeholders, including civil society groups and governments, the resource highlights the Joint Cyber Defense Collaborative for information sharing. The State Department aims to expand a global spyware deterrence pact with allied nations. Additionally, CISA previously released guidance for election workers and officials to prepare for potential election disturbances.
OPEN SOURCE FOUNDATIONS UNITE ON COMMON STANDARDS FOR EU’S CYBER RESILIENCE ACT BY PAUL SAWERS
Seven open source foundations, including the Apache Software Foundation, Blender Foundation, and Python Software Foundation, are joining forces to establish common specifications and standards for Europe's Cyber Resilience Act (CRA). The legislation aims to enforce cybersecurity practices for internet-connected products across the EU and impose fines for noncompliance. Initially met with criticism, the revised legislation provides protections for open source developers and recognizes the role of "open source stewards." The collaboration seeks to address patchy documentation in open source projects and align security standards across the industry. Spearheaded by the Eclipse Foundation in Brussels, the initiative involves various stakeholders to meet the regulatory requirements and enhance cybersecurity processes.
CHINESE HACKERS TURN TO AI TO MEDDLE IN ELECTIONS BY DEREK B. JOHNSON
Chinese hacking groups are increasingly using deepfakes and other AI-generated content to interfere in foreign elections, as revealed by Microsoft's recent research. While traditional tactics like fake social media accounts are still prevalent, China is exploring new tools to spread propaganda, including AI-manipulated imagery. Chinese influence campaigns have also targeted elections in Taiwan, utilizing AI-generated news broadcasts and fake anchors. Beyond election interference, Chinese hacking operations linked to intelligence collection have expanded, targeting various countries and sectors, including government entities, IT companies, and defense organizations. These operations aim to gather sensitive information and steal valuable technologies, highlighting China's growing cyber capabilities on the global stage.