May 26

News/Trends

• New Russian-Linked Malware Poses “Immediate Threat” to Energy Grids

• Predator Android Spyware: Researchers Uncover New Data Theft Capabilities

• Google Cloud Bug Allows Server Takeover From CloudSQL Service

• Microsoft reports jump in business email compromise activity

• China-Backed ‘Volt Typhoon’ Hackers Spying on US Critical Infrastructure

• Legion Malware Upgraded to Target SSH Servers and AWS Credentials

• E.U. Regulators Hit Meta with Record $1.3 Billion Fine for Data Transfer Violations

• How Universities Can Bridge Cybersecurity’s Gender Gap

• KeePass Exploit Allows Attackers to Recover Master Passwords from Memory

Law/Policy

• FTC Announces COPPA Settlement Against Ed Tech Provider Including Strict Data Minimization and Data Retention Requirements

• New DOD doctrine officially outlines and defines ‘expeditionary cyberspace operations’

• FTC Makes Moves to Enhance Data Privacy Oversight

• GAO Tells Federal Agencies to Fully Implement Key Cloud Security Practices

Technical 4 

• Understanding the Country-Level Security of Free Content Websites and their Hosting Infrastructure

• Optimal Privacy Preserving for Federated Learning in Mobile Edge Computing

• Adversarial Machine Learning and Cybersecurity: Risks, Challenges, and Legal Implications

• Lattice Codes for Lattice-Based PKE

Report, blogs, podcasts

• New report reveals tips for building a skilled cybersecurity workforce

• Expeditionary Cyberspace Operations

• On the Poisoning of LLMs

• Adding the operation focus to OT security

• Smashing Security podcast #323: Botched Bitcoin blackmail, iSpoof, and Meta’s billion dollar data bungle

• 6 ways generative AI chatbots and LLMs can enhance cybersecurity

• Understanding how Polymorphic and Metamorphic malware evades detection to infect systems

• S3 Ep136: Navigating a manic malware maelstrom

• Improving Cybersecurity Requires Building Better Public-Private Cooperation

May 19

News/Trends

• Privacy Sandbox Initiative: Google to Phase Out Third-Party Cookies Starting 2024

• Microsoft Azure VMs Hijacked in Cloud Cyberattack

• Guerrilla malware is preinfected on 8.9 million Android devices, Trend Micro says

• LexisNexis Risk Solutions Cybercrime Report Reveals 20% Annual Increase in Global Digital Attack Rate

• Searching for AI Tools? Watch Out for Rogue Sites Distributing RedLine Malware

• White House Shifts US Cybersecurity Strategy Towards International Cooperation

• Why High Tech Companies Struggle with SaaS Security

• Generative AI Empowers Users but Challenges Security

• Ransomware corrupts data, so backups can be faster and cheaper than paying up

• CISA, FBI, and ACSC Confirm BianLian Ransomware’s Switch to Extortion-Only Attacks

Law/Policy

• House hearing details cyber resilience efforts for energy, water and healthcare

• Lawmakers advance cyber bills aimed at open-source, satellite vulnerabilities

• Transportation Needs to Improve Cyber Policy Implementation, Watchdog Finds

• Justice and Commerce Department ‘strike force’ target theft of quantum, autonomous technologies

• TSA Official: Feds Improved Cybersecurity Response Post-Colonial Pipeline

Technical

• Privacy-Preserving Ensemble Infused Enhanced Deep Neural Network Framework for Edge Cloud Convergence

• Survey of Malware Analysis through Control Flow Graph using Machine Learning

• REMaQE — Reverse Engineering Math Equations from Executables

• AI Ethics on Blockchain: Topic Analysis on Twitter Data for Blockchain Security

Report, blogs, podcasts

• Talking Security Strategy: Cybersecurity Has a Seat at the Boardroom Table

• 10 Types of AI Attacks CISOs Should Track

• Smashing Security podcast #322: When you buy a criminal’s phone, and paying for social media scams

• Industrial Secure Remote Access Is Essential, but Firms Concerned About Risks

• Optimize user experience and achieve faster IT resolutions using AI

• S3 Ep135: Sysadmin by day, extortionist by night

• Security Risks of New .zip and .mov Domains

• The nature of cyberincidents in 2022

• What Russia’s hybrid war on Ukraine has taught us about nation state tactics

• The new info-stealing malware operations to watch out for

May 5

News/Trends

• Azure API Management flaws highlight server-side request forgery risks in API development

• An Overview of Malicious Activities in Q1; Telegram Bots in Spotlight

• New White House AI Initiatives Include AI Software-Vetting Event at DEF CON

• Lack of Visibility: The Challenge of Protecting Websites from Third-Party Scripts

• Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service

• CISA Advises FCC Covered List For Risk Management

• Tracked by hidden tags? Apple and Google unite to propose safety and security standards

• NIST Draft Document on Post-Quantum Cryptography Guidance

• Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected

Law/Policy

• White House Issues Request for Comment on Use of Automated Tools with the Workforce

• Fight over Kids Online Safety Act heats up as bill gains support in Congress

• CISA seeks public comment on software security attestation form

• CISA Issues Advisory on Critical RCE Affecting ME RTU Remote Terminal Unit

Technical

• Triangle Counting with Local Edge Differential Privacy

• CNS-Net: Conservative Novelty Synthesizing Network for Malware Recognition in an Open-set Scenario

• Cumulus: Blockchain-Enabled Privacy Preserving Data Audit in Cloud

• Enhancing Adversarial Contrastive Learning via Adversarial Invariant Regularization

Report, blogs, podcasts

• Companies need a wakeup call to fix chronic security shortcomings, cyber experts say

• Microsoft Digital Defense Report: Key Cybercrime Trends

• SolarWinds Detected Six Months Earlier

• The warning signs for security analyst burnout and ways to prevent

• S3 Ep133: Apple takes “tight-lipped” to a whole new level

• Making the case for leveraging automation to eradicate cybersecurity burnout

• Smashing Security podcast #320: City Jerks, AI animals, and is the BBC hacking again?

• Cybersecurity in the Cloud: The Challenging Hurdles It Has To Overcome

• Companies Increasingly Hit With Data Breach Lawsuits

April 28

News/Trends

Why Your Detection-First Security Approach Isn’t Working

5 most dangerous new attack techniques

Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers

LimeRAT Malware Analysis: Extracting the Config

Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis

Google Cloud Introduces Generative AI to Security Tools as LLMs Reach Critical Mass

Embracing zero-trust: a look at the NSA’s recommended IAM best practices for administrators

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut B

US DoJ Prioritizes Victim Support in Cybercrime Crackdown

Law/Policy

DOJ, FTC, CFPB, and EEOC Statement on Discrimination and AI

DHS pushes Congress to formally establish Cyber Safety Review Board

To combat cybercrime, US law enforcement increasingly prioritizes disruption

Bill proposes new DHS centers for testing security of critical government tech

Technical

On the (In)security of Peer-to-Peer Decentralized Machine Learning

Improving Robustness Against Adversarial Attacks with Deeply Quantized Neural Networks

Breaking DPA-protected Kyber via the pair-pointwise multiplication

Decentralized Threshold Signatures with Dynamically Private Accountability

Report, blogs, podcasts

Many Public Salesforce Sites are Leaking Private Data

How Better Integration of Systems, Apps Bolsters Enterprise Security

The K-12 Report: A Cybersecurity Assessment of the 2021-2022 School Year

The White House National Cybersecurity Strategy Has a Fatal Flaw

S3 Ep132: Proof-of-concept lets anyone hack at will

Minecraft clones stealthily load ads on millions of Android devices

Google 2FA Syncing Feature Could Put Your Privacy at Risk

Smashing Security podcast #319: The CEO who also ran IT, Strava strife, and TikTok tall tales

AI to Aid Democracy