Security News You Can Use—Issue 16
Lionel Menchaca
Welcome to the next edition of Forcepoint Security News—curated news meant to provide a quick look at what's happening around the cybersecurity industry.
In this issue: Google, OpenAI, Microsoft, Amazon, Nvidia and other big names in AI band together as the Coalition for Secure AI (CoSAI); TAG-100 hackers turn to open-source tools; FIN7 hackers sell anti-EDR (Endpoint Detection & Response) tooling to other criminals; North Korean hackers use BeaverTail malware to target macOS users; Operation Spincaster; and more.
Here are the articles getting our attention:
Google has launched the Coalition for Secure AI (CoSAI) to address AI security risks. CoSAI, which includes members like Amazon, Microsoft, and OpenAI, focuses on software supply chain security, preparing defenders for cybersecurity challenges, and AI security governance. This initiative, hosted by OASIS Open, aims to develop industry standards, frameworks, and best practices to ensure secure AI deployment. CoSAI will collaborate with various organizations to advance responsible AI and prioritize transparency and ethical practices in AI development.
TAG-100, tracked by Recorded Future's Insikt Group, is using open-source tools in a suspected cyber-espionage campaign targeting government and private organizations worldwide. Since February 2024, TAG-100 has compromised entities in at least ten countries, including the U.K., U.S., and Taiwan. The group exploits known security flaws in internet-facing products and, post-exploitation, relies on tools such as Pantegana and Spark RAT. Its reliance on publicly available proof-of-concept exploits and open-source programs complicates attribution and helps it evade detection, and its focus on internet-facing appliances further reduces the risk of being detected after compromise, underscoring the need for stronger security measures around those devices.
The FIN7 hacking group, suspected to be Russian and active since 2013, has been found selling its custom "AvNeutralizer" tool. The tool disables enterprise endpoint protection software, allowing intrusions to proceed undetected. Initially focused on financial fraud, FIN7 later moved into ransomware, working with the DarkSide, BlackMatter, and BlackCat ransomware operations. The group has also used sophisticated phishing and custom malware to breach corporate networks. Researchers from SentinelOne identified "AvNeutralizer" in use by multiple ransomware operations since 2022, indicating its widespread distribution. FIN7's continuous innovation and tool updates pose a significant threat to global enterprises, and its use of multiple aliases and collaboration with other cybercriminals complicates attribution.
North Korean hackers have updated their BeaverTail malware to target macOS users, distributing it as a fake video-call application packaged as "MiroTalk.dmg." The malware, originally identified in 2023, steals sensitive information from web browsers and cryptocurrency wallets and can deliver additional payloads. This updated variant highlights the hackers' continued focus on sophisticated social engineering and their ability to bypass security measures. The group's activities pose a significant threat to enterprises worldwide, emphasizing the need for robust cybersecurity defenses.
Cryptocurrency experts and law enforcement from six countries collaborated to dismantle networks responsible for over $1 billion in "approval phishing" scams. Operation Spincaster, involving 17 crypto exchanges and 12 public sector agencies, aimed to disrupt these scams by training officers to identify compromised wallets and trace stolen funds. This effort, starting in Canada and expanding globally, led to numerous account closures, fund seizures, and prevented further victimization. The operation underscores the importance of international cooperation in combating sophisticated cryptocurrency fraud schemes.
As the Content Marketing and Technical Writing Specialist, Lionel leads Forcepoint's blogging efforts. He's responsible for the company's global editorial strategy and is part of a core team responsible for content strategy and execution on behalf of the company.
Before Forcepoint, Lionel founded and ran Dell's blogging and social media efforts for seven years. He has a degree from the University of Texas at Austin in Archaeological Studies.