The Cyberwire Daily Briefing
"California advances legislation to regulate AI models."
Views expressed in this cybersecurity, cyber crime summary are those of the reporters and correspondents. Accessed on 31 August 2024, 2232 UTC.
Content and Source: https://thecyberwire.com/newsletters/daily-briefing/13/167
Please check link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Daily Briefing for 08.30.24
Announcement
Listen to CertByte, the newest segment on the CyberWire Daily
We’re excited to debut our new bi-weekly segment, CertByte, on the CyberWire Daily podcast. Join N2K’s Chris Hare and special guests every other Wednesday to dissect practice test questions and get insider study tips to accelerate your path to certification success. In our first episode, Chris and George Monsalvatge break down a Project Management Professional (PMP®) question. To listen, subscribe to the CyberWire Daily podcast, or watch here on YouTube.
Summary
At a glance.
- California advances legislation to regulate AI models.
- RansomHub affiliates have hit over 200 victims since February 2024.
- Critical RCE flaw affects Progress Software's WhatsUp Gold.
California advances legislation to regulate AI models.
The California State legislature has passed SB 1047, a bill that would impose safety requirements for developers of large-scale AI models, the Verge reports. The bill now goes to Governor Gavin Newsom, who can decide to sign it, veto it, or allow it to pass without his signature. California State Senator Scott Wiener, the main author of the bill, says the legislation "enacts common sense, first-in-the-nation safeguards to protect society from AI being used to conduct cyberattacks on critical infrastructure; develop chemical, nuclear or biological weapons; or unleash automated crime."
Critics of the bill include OpenAI, Google, and Meta, as well as prominent Silicon Valley-area Democrat politicians, who argue that the regulation will stifle innovation and place a heavy burden on smaller startups, POLITICO reports.
RansomHub affiliates have hit over 200 victims since February 2024.
The US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, MS-ISAC, and the Department of Health and Human Services have issued a joint advisory on the RansomHub ransomware-as-a-service operation. RansomHub affiliates have hit at least 210 victims since the operation surfaced in February 2024, targeting entities in "the water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors." RansomHub has attracted affiliates from other high-profile ransomware variants, including LockBit and ALPHV.
BleepingComputer reports that RansomHub was responsible for the recent attack against US-based oil giant Halliburton.
Critical RCE flaw affects Progress Software's WhatsUp Gold.
Censys has published an advisory on a remote code execution vulnerability affecting Progress Software's WhatsUp Gold network monitoring and management solution, SecurityWeek reports. The researchers explain, "The vulnerability exists in the GetFileWithoutZip functionality of WhatsUp Gold. An attacker can send a crafted request with directory traversal payloads to upload files to arbitrary locations on the server. By uploading malicious files, the attacker can achieve remote code execution."
Several proof-of-concept exploits have been published on GitHub, and users are urged to update to version 2023.1.3 as soon as possible.
Notes.
Today's issue includes events affecting Romania, Serbia, and the United States.
Selected Reading
Attacks, Threats, and Vulnerabilities
Radware Report Surfaces Increasing Waves of DDoS Attacks (Security Boulevard) A report by Radware finds that DDoS attacks are increasing in number and volume, with some lasting as long as 100 hours over six days.
Deepfakes and Digital Deception: Exploring Their Use and Abuse in a Generative AI World (BlackBerry) In our new white paper, "Deepfakes Unmasked: The Technology and Techniques Behind This Growing Threat," we explore the intricate world of deepfakes—synthetic digital media generated by advanced AI technologies—and the multifaceted challenges they present to society.
Year-Long Malware Campaign Exploits NPM to Attack Roblox Developers (Hackread)
Marketplace
1Password Welcomes Mark Anderson to Its Board of Directors (BusinessWire) Cybersecurity Industry Leader Joins 1Password, Pioneer of New Extended Access Management Security Category
GetReal Labs Announces the Appointment of Matt Moynahan as CEO (PR Newswire) GetReal Labs, the world's leading authority on malicious manipulated content and deepfakes, today announced the appointment of Matt Moynahan as...
Litigation, Investigation, and Law Enforcement
2 Men From Europe Charged With ‘Swatting’ Plot Targeting Former US President and Members of Congress (SecurityWeek) A former US president and several members of Congress were targets of a plot carried out by two European men to intimidate and threaten dozens of people by calling in bogus reports of police emergencies at their homes.
Industry Events
For a complete running list of events, please visit the Event Tracker.
Events
SANS Network Security Las Vegas 2024 (Las Vegas (and virtual), Nevada, USA, Sep 4 - 9, 2024) At SANS Network Security 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
Jailbreak Brewing Company Security Summit (Laurel, Maryland, USA, Sep 6, 2024) Join some of the world's best security researchers as they talk about disinformation; the misleading and deliberate deception in today's connected world, both from the technical and policy sides at the only computer security event held at a production brewery. Attendance is limited to 150 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and an awesome time to chat with fellow security experts. Come participate in the talks, the conversation, and the beer!
DMV Rising 2024 (Washington, DC, Sep 12, 2024) DMV Rising is D.C.'s premier cybersecurity event, bringing together cybersecurity executives to tackle tough problems, share new insights, and explore innovative solutions emerging in D.C., Maryland, and Virginia.
SecureWorld Detroit (Novi, Michigan, USA, Sep 18, 2024) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational sessions learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.
SecureWorld St. Louis (Clayton, Missouri, USA, Sep 26, 2024) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational sessions learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.