07 Jan 2022

At CES 2022, metaverses metaversed the metaverse

In the lead up to CES, I wrote a piece reflecting on top tech of CES 2012. It was an interesting exercise for a number of reasons — not the least of which was recalling the buzzwords from 10 years ago. That year, LTE and ultrabooks topped the list. One had

Read More
19 Nov 2021

Managing the Cybersecurity Vulnerabilities of Artificial Intelligence

Last week, Andy Grotto and I published a new working paper on policy responses to the risk that artificial intelligence (AI) systems, especially those dependent on machine learning (ML), can be vulnerable to intentional attack. As the National Security Commission on Artificial Intelligence found, “While we are on the front

Read More
30 Jul 2021

UC San Diego Health Breach Tied to Phishing Attack

The University of California San Diego Health reported that they were the victim of a phishing attack that led to a major network breach. The breach exposed the personal and medical data of students, employees, and patients, according to authorities. The organization released a notice on Wednesday that publicly disclosed

Read More
12 Jul 2021

Sage X3 Vulnerabilities Can Pose Serious Risk to Organizations

Researchers at Rapid7, a cybersecurity firm, have reportedly uncovered several vulnerabilities that lie in the Sage X3 enterprise resource planning product. According to the firm, the flaws can be exploited remotely without authentication for a complete remote takeover. Of the four vulnerabilities reported by the researchers, one has been classified

Read More
26 Apr 2021

Prometei Botnet Could Fire Up APT-Style Attacks

The Prometei malware is allegedly using exploits for the Microsoft Exchange “ProxyLogon” security bugs, leveraging the exploits to install Monero-mining malware on targets. The operators behind Prometei are conducting copy-cat attacks similar to those of advanced persistent threat cyberattackers. The malware is exploiting two of the Microsoft vulnerabilities in order

Read More
16 Feb 2021

Many SolarWinds Customers Failed to Secure Systems Following Hack

According to RiskRecon, a risk assessment firm, many companies that were exposed to the SolarWinds Orion espionage campaign have not followed protocol and taken necessary measures to disclose the incident. Several companies are still exposing malicious software to the internet, according to the firm. Threat actors believed to be Russian

Read More
16 Oct 2020

US Indicts Members of Transnational Money-Laundering Organization

According to an indictment announced this week, the US Department of Justice has charged cybercriminals from the QQAAZZ threat actor group with an extensive money-laundering scheme. The indictment charges 14 individuals from Italy, the UK, Spain, Bulgaria, and Latvia, with conspiracy to commit money laundering ranging up to tens of

Read More
21 Sep 2020

Maze Ransomware Adopts Ragnar Locker Virtual-Machine Approach

According to researchers with Sophos Managed Threat Response, the operators behind Maze ransomware have been adopting tactics from rival cybercrime organizations, adding a dangerous new feature. Maze ransomware can now distribute ransomware payloads through virtual machines. According to researchers, this is a “radical” approach that aims to avoid endpoint defense.

Read More
08 Sep 2020

Visa New Baka Skimmer Designed to Avoid Detection

Payment card giant Visa has issued a warning to its users detailing a new sophisticated digital skimming malware that contains tools to mitigate traditional detection methods. Visa stated that they first discovered the skimmer, which has been named “Baka,” in February during an investigation into an unrelated issue. The investigation

Read More
20 May 2020

U.S. Nears Settlement With Sudan Over 1998 Terror Bombings

After extensive negotiations, the Trump administration is reportedly nearing a deal with Sudan to resolve claims over the 1998 bombings of US embassies in Africa perpetrated by terrorist group al Qaeda. These negotiations will help to clear the way to remove Khartoum’s designation as a state sponsor of terrorism, a

Read More