With RSAC just a week away, Cisco Talos is gearing up for another year of heading to San Francisco to share in some of the latest major cybersecurity announcements, research and news.

Tuesday, April 30, 2024 08:00

With RSAC just a week away, Cisco Talos is gearing up for another year of heading to San Francisco to share in some of the latest major cybersecurity announcements, research and news.  

We’ve pulled together the highlights, so you don’t miss out on all things Talos.  

**Tuesday, May 5**  

Joe Marshall will be presenting on Project Power Up alongside Tara Vasyliv of NPC UKRENERGO on how Talos has helped to protect Ukraine’s power grid from disruptive electronic warfare. Reserve your seat for the 8:30 a.m. session here. 

Nick Biasini will be giving a lighting talk at the Cisco Booth N-5845 in the North Hall at 3:30 p.m. on the good, the bad and the ugly of ransomware in 2024.  

**Wednesday, May 6**  

Nicole Hoffman will be signing her children’s book, “The Mighty Threat Intelligence Warrior,” at 12:30 p.m. in the RSA Bookstore located in Moscone South, Esplanade Level.  

**Thursday, May 7**  

Hoffman will be out again, this time hosting a session on applying past lessons learned in hopes of a better future for identify threat detection at 9:40 a.m. in Moscone West 3022. Reserve a seat for the session here.  

And you can always follow along all week on X and LinkedIn for the latest updates.

Cisco Talos at RSAC 2024

The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats.
"These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and address threats both to and from, and involving AI systems," the Department of Homeland Security (DHS)&

U.S. Government Releases New AI Security Guidelines for Critical Infrastructure

PRESS RELEASE

SAN DIEGO, April 29, 2024/PRNewswire/ -- ESET, a global leader in cybersecurity solutions, today announced the launch of two new Managed Detection and Response (MDR) subscription tiers: ESET PROTECT MDR for small and medium businesses (SMBs) and ESET PROTECT MDR Ultimate for enterprises. These offerings are built on the foundation of ESET PROTECT Elite and ESET PROTECT Enterprise, offering businesses of all sizes the most comprehensive, AI-powered threat detection and response capabilities, in combination with expert human analysis and comprehensive threat intelligence.

ESET's MDR offerings are designed to cater to the specific needs of both SMBs and Enterprises. To that end, ESET PROTECT MDR delivers a comprehensive cybersecurity package, offering 24/7/365 superior protection that addresses the most common challenges of small and medium-sized businesses. This includes modern protection for endpoints, email, and cloud applications, vulnerability detection and patching, and managed threat monitoring, hunting, and response. It addresses the cybersecurity talent shortages and ensures compliance with cyber insurance and regulations, offering a remarkable 20-minute average time to detect and respond, a comprehensive MDR dedicated dashboard and regular reporting for complete peace of mind.

For enterprises, ESET PROTECT MDR Ultimate offers continuous proactive protection and enhanced visibility, coupled with customized threat hunting and remote digital forensic incident response assistance. This comprehensive service is designed to support overstretched SOC teams, providing them with 24/7 access to world-class cybersecurity expertise. It ensures enterprises stay one step ahead of all known and emerging threats, effectively closing the cybersecurity skills gap, and facilitating expert consultations for incident management and containment in a fully managed experience.

ESET also sets itself apart with its own telemetry and unique global coverage, leveraging its detections and ESET Research to gather unique data about attacks, a competitive edge not offered by many players in the market.

"With the update of our business offering, we want to make ESET products accessible to customers without the necessary skill set or resources to operate them, but to also empower organizations to navigate the digital landscape confidently, safeguarded by our expertise and continuous, comprehensive coverage," stated Michal Jankech, Vice President of SMB and MSP segment at ESET.

Enhancements to the ESET business portfolio

Additionally, all ESET PROTECT subscription tiers, starting from ESET PROTECT Advanced, are now enhanced with ESET Mobile Threat Defense (EMTD). This new value-added, standalone module extends attack vector coverage to an organization's entire mobile fleet, seamlessly integrating into the ESET PROTECT Platform for efficient management, ensuring comprehensive protection for mobile devices. EMTD also includes a Mobile Device Management (MDM) functionality, with added support for Microsoft Entra ID.

Moreover, ESET Server Security introduces a firewall specifically designed for Windows servers, and Vulnerability & Patch Management, offering manual patch management and a 60-second delay of application process kill.

Finally, ESET LiveGuard Advanced now also offers advanced behavioral reports for our detection and response customers, providing an in-depth look into how our cloud sandboxing technology analyzes suspicious files, offering better visibility and context for security operators like cybersecurity and threat analysts, security engineers, or threat responders.

"This significant launch underscores ESET's unwavering dedication to delivering superior protection and services, effectively responding to the dynamic challenges faced by customers to stay one step ahead of threats," added Michal Jankech, Vice President of SMB and MSP segment at ESET.

For more detailed information about ESET and its updated portfolio, please visit the dedicated offering pages for SMBs and Enterprises.

About ESET  
ESET provides cutting-edge digital security to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of known and emerging cyber threats — securing businesses, critical infrastructure, and individuals. Whether it's endpoint, cloud or mobile protection, its AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multi-factor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. An ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network. For more information, visit www.eset.com or follow us on LinkedIn, Facebook, and X.

ESET PROTECT Portfolio Now Includes New MDR Tiers and Features

Red teaming is a crucial part of proactive GenAI security that helps map and measure AI risks.

Source: josefotograf via Alamy

Generative artificial intelligence (GenAI) has emerged as a significant change-maker, enabling teams to innovate faster, automate existing workflows, and rethink the way we go to work. Today, more than 55% of companies are currently piloting or actively using GenAI solutions.

But for all its promise, GenAI also represents a significant risk factor. In an ISMG poll of business and cybersecurity professionals, respondents identified a number of concerns around GenAI implementation, including data security or leakage of sensitive data, privacy, hallucinations, misuse and fraud, and model or output bias.

For organizations looking to create additional safeguards around GenAI use, red teaming is one strategy they can deploy to proactively uncover risks in their GenAI systems. Here's how it works.

**Unique Considerations When Red Teaming GenAI**

GenAI red teaming is a complex, multistep process that differs significantly from red teaming classical AI systems or traditional software.

For starters, while traditional software or classical AI red teaming is primarily focused on identifying security failures, GenAI red teaming must account for responsible AI risks. These risks can vary widely, ranging from generating content with fairness issues to producing ungrounded or inaccurate information. GenAI red teaming has to explore potential security risks and responsible AI failures simultaneously.

Additionally, GenAI red teaming is more probabilistic than traditional red teaming. Executing the same attack path multiple times on traditional software systems is likely to yield similar results.

However, due to its multiple layers of nondeterminism, GenAI can provide different outputs for the same input. This can happen due to app-specific logic or the GenAI model itself. Sometimes the orchestrator that controls the output of the system can even engage different extensibility or plug-ins. Unlike traditional software systems with well-defined APIs and parameters, red teams must account for the probabilistic nature of GenAI systems when evaluating the technology.

Finally, system architectures vary widely between different types of GenAI tools. There are standalone applications, integrations with existing applications, and input and output modalities, like text, audio, images, and videos, for teams to consider.

These different system architectures make it incredibly difficult to conduct manual red-team probing. For example, to surface violent content generation risks on a browser-hosted chat interface, red teams would need to try different strategies multiple times to gather sufficient evidence of potential failures. Doing this manually for all types of harm, across all modalities and strategies, can be exceedingly tedious and slow.

**Best Practices for GenAI Red Teaming**

While manual red teaming can be a time-consuming, labor-intensive process, it's also one of the most effective ways to identify potential blind spots. Red teams can also scale certain aspects of probing through automation, particularly when it comes to automating routine tasks and helping identify potentially risky areas that require more attention.

At Microsoft, we use an open automation framework — known as the Python Risk Identification Tool for generative AI (PyRIT) — to red team GenAI systems. It is not intended to replace manual GenAI red teaming, but it can augment red teamers' existing domain expertise, automate tedious tasks, and create new efficiency gains by identifying hot spots for potential risks. This allows security professionals to control their GenAI red-teaming strategy and execution while PyRIT provides the automation code to generate potentially harmful prompts based on the initial dataset of harmful prompts provided by the security professional. PyRIT can also change tactics based on the GenAI system's response and generate its next input. 

Regardless of the method you use, sharing GenAI red-teaming resources like PyRIT across the industry raises all boats. Red teaming is a crucial part of proactive GenAI security, enabling red teamers to map AI risks, measure identified risks, and build out scoped mitigations to minimize their impact. In turn, this empowers organizations with the confidence and security they need to innovate responsibly with the latest AI advances.

— Read more Partner Perspectives from Microsoft Security

**About the Author(s)**

Microsoft

Protect it all with Microsoft Security.

Microsoft offers simplified, comprehensive protection and expertise that eliminates security gaps so you can innovate and grow in a changing world. Our integrated security, compliance, and identity solutions work across platforms and cloud environments, providing protection without compromising productivity.

We help customers simplify the complex by prioritizing risks with unified management tools and strategic guidance created to maximize the human expertise inside your company. Our unparalleled AI is informed by trillions of signals so you can detect threats quickly, respond effectively, and fortify your security posture to stay ahead of ever-evolving threats.

How to Red Team GenAI: Challenges, Best Practices, and Learnings

Nutland says he goes into every engagement or new project with a completely open mind and a blank slate — using his background investigating terror operations to find out as much as he can about a particular adversary’s operation.

Monday, April 29, 2024 08:00

If state-sponsored actors are after one thing, it’s to spread fear and uncertainty across the internet. 

There’s always money to be made targeting individual businesses and organizations, but for James Nutland’s work, it’s always about the bigger picture. And his background in studying counterterrorism and interpersonal social dynamics provides him a unique perspective on APTs’ goals and methods. 

Nutland, an analyst with Cisco Talos’ Threat Intelligence and Interdiction team, didn’t begin his journey into cybersecurity through the traditional pathways. Instead, he went to college to obtain his bachelor’s degree in social psychology, particularly interested in social engineering, eventually obtaining his master’s in counterterrorism from the University of East London. 

That may sound like a degree someone gets to serve on a physical battlefield, but as Nutland puts it, security research and counterterrorism carry some of the same throughlines. 

“It’s providing you a set of skills you can then use in multiple modalities,” he said. “It’s the analysis, the eagerness to delve into the unknown, to assess swathes of noisy information, picking out the pieces to establish different threads to try and establish patterns and hopefully attribution — it’s that kind of analytical investigative thinking that really helps for threat hunting.” 

Nutland (right) speaking at MITRE ATT&CK Con last year.

Nutland’s technical experience comes from his undergraduate days when he started working in tech support for his college. Eventually, he got into system administration work after he moved to the U.S. during the peak of the COVID-19 pandemic.  

After various roles protecting both business and academic environments, Nutland decided to apply to Talos essentially on a whim after seeing a job listing whilst researching IOCs on the Talos intelligence center. In his current role, he conducts regular threat hunting and analysis campaigns to learn more about broader trends in the security landscape and state-sponsored threat actors. His work recently led to the disclosure of a campaign targeting Mexico users with tax-themed lure documents called “TimbreStealer,” and he participates in Cisco Talos Incident Response’s Intel-on-Demand service.  

Nutland says he goes into every engagement or new project with a completely open mind and a blank slate — using his background investigating terror operations to find out as much as he can about a particular adversary’s operation.  

“With my academic background, I’m very inquisitive. That’s proven to be a good asset,” he said. “I have a good understanding of the content and presentation of intelligence sought after in security management and operations. It’s great providing this intelligence, but providing actionable intelligence for security teams, understanding what’s required for that, it’s integral for many of the products we produce.” 

Recently, Nutland says he’s been focusing more on tracking prominent and burgeoning ransomware threat actors, as well as researching dark web activities where threat actors are leveraging obfuscated channels for their communication. Social media sites have gotten better about blocking this type of activity, he said, which has pushed them to decentralized communication platforms. He’s also tracking dark web sites that are used for obtaining ransom payments, spreading propaganda and trying to radicalize other users. 

Nutland’s work has also been crucial in Talos’ support of Ukraine during Russia’s invasion. He worked on several victim notifications for the Ukraine Task Force and discovered the malicious use of a defense evasion tool, which can wipe traces and logs of any USB devices that may have been connected to hardware and certain user activity on the host.  

“I initially saw a suspicious specific set of commands that were being run related to the executable, that I was able to track across multiple potential Ukrainian victims which Ukrainian organizations are now looking to crack down on,” Nutland said. 

In all his roles so far in his career, Nutland said he’s experienced various forms of imposter syndrome throughout his career, as many do. He said he often found himself questioning decisions, or feeling like other teammates were more qualified for his role. But at Talos, his managers have encouraged him to turn over every rock and go into every situation, curious and open. That’s allowed him to overcome that imposter syndrome and become a sponge, learning everything he could about a particular topic and becoming an expert in his own right. 

This culminated in a presentation to more than 300 people at the MITRE ATT&CKcon 4.0 in October, where he and his teammate, Nicole Hoffman, gave a talk about how threat actors can use the ATT&CK framework to track adversary activity. 

“Here are these titans of threat intelligence at a world-renowned convention. And here’s me, recently employed at Talos, and with incredible imposter syndrome,” Nutland said. “But there were about 300 people in the room, and Nicole and I knocked it out of the park. I never thought I’d be doing that.” 

Outside of the office, Nutland enjoys playing rugby, and he even was recently able to play a scrimmage against the Colombian National Team, a particular highlight for his career outside of cybersecurity.

James Nutland studies what makes threat actors tick, growing our understanding of the current APT landscape

By Deeba Ahmed
New Android malware alert! Brokewell steals data, takes over devices & targets your bank. Learn how this sneaky malware works & what you can do to protect yourself. Stop Brokewell before it stops you!
This is a post from HackRead.com Read the original post: Fake Chrome Updates Hide Android Brokewell Malware Targeting Your Bank

Brokewell malware poses a new cybersecurity threat to your device and personal information. Unlike your typical data-stealing app, Brokewell takes it a step further by granting attackers near-complete control of your phone.

In their report, fraud risk firm ThreatFabric’s threat intelligence researchers shared details of a newly discovered Android banking malware dubbed Brokewell, which uses overlay attacks to capture user credentials and steal cookies.

Further probing revealed a repository called “Brokewell Cyber Labs,” created by an individual “Baron Samedit.”  This repository hosted the source code for the “Brokewell Android Loader,” a tool designed to bypass Android 13+ accessibility restrictions and widely used by cybercriminals.

Brokewell has previously been used in campaigns targeting “buy now, pay later” financial services like Klarna and in exploiting the Austrian digital authentication application, ID Austria.

****Fake Updates, Real Danger****

Brokewell hides behind a familiar facade – fake software updates. It typically masquerades as a critical update for Google Chrome, tricking users into downloading and installing it. Once installed, Brokewell unleashes its wrath as it isn’t just after your login credentials. It’s a comprehensive toolkit for conducting a wide-scale data theft. 

Fake Chrome browser update as seen by ThreatFabric

The trojan uses its own WebView to load a legitimate website and dumps session cookies after the victim completes the login process. Brokewell also has “accessibility logging” capabilities, capturing every event on the device, posing a threat to all installed applications.

****What Information is at Stake?****

Brokewell can steal a wide range of information, including call logs, text messages, and contact lists. Moreover, it looks for your financial apps and if found, it overlays fake login screens on top of legitimate banking apps, capturing your login details without you realizing it.

The most problematic part is that Brokewell grants attackers remote access to your device. It supports spyware functionalities, collecting device information, geolocation, and recording audio. After stealing credentials, the actors can initiate a Device Takeover attack using remote control capabilities.

****An Evolving Threat****

In their blog post, ThreatFabric researchers warned that althoughBrokewell is under active development, the malware’s creators are constantly adding new features to enhance its capabilities.

To protect yourself from Brokewell and other malicious software, download apps from the official Google Play Store only.  Be cautious of fake updates and always use a reputable security app. Staying updated on the latest Android security threats is crucial to protect your device.

****Experts’ Opinion****

Ray Kelly, Fellow from Synopsys Software Integrity Group shared their thoughts on Brokewell’s discovery with Hackread.com stating, _“_As a policy, users should never install apps outside of the Google and Apple stores as Malware often sneaks in through ‘side loading’ apps, especially on rooted or jailbroken devices from fake stores._“_

“What makes this instance different is that the malicious app sideloaded on non-rooted devices and bypassed Google’s security measures,” stressed Ray. _“_The key takeaway is don’t fall for web popups prompting app updates; always rely on the Play Store for updates to safeguard against such threats._“_

1.  Android TV Boxes Infected with Backdoors
2.  SpyNote Android Spyware Poses as Legit Crypto Wallets
3.  Fake YouTube Android Apps Used to Distribute CapraRAT
4.  Xamalicious Backdoor Infects 25 Apps, Affects 327K Devices
5.  Android Malware FjordPhantom Steals Funds Via Virtualization

Fake Chrome Updates Hide Android Brokewell Malware Targeting Your Bank

Plus: Google holds off on killing cookies, Samourai Wallet founders get arrested, and GM stops driver surveillance program.

Controversial gunshot-detection company ShotSpotter has deployed more than 25,000 microphones across 170 cities worldwide. This week, WIRED and _South Side Weekly_ revealed the company may continue to provide gunshot data to police in cities even after contracts have ended. Internal emails seen by the publications suggest ShotSpotter sensors may have stayed online despite law enforcement deals having expired, raising questions about what will happen to 2,500 microphones in Chicago when its contract runs out at the end of the year.

Elsewhere, Change Healthcare finally admitted to paying a ransom to the AlphV hackers, also known as BlackCat, that extorted the medical company. Weeks ago, WIRED revealed the attackers were paid $22 million, one of the largest ransomware payments ever. However, in a statement this week the company admitted for the first time that it paid the ransom as part of its effort “to do all it could to protect patient data from disclosure.” Some of that data still found its way onto the dark web.

In another successful grift, researchers have found animators in North Korea creating artwork for major Hollywood studios. A misconfigured North Korea cloud server, discovered at the end of last year, contained thousands of animation files, notes, and working documents for productions of shows that stream on Amazon Prime Video and Max. The companies likely didn’t know workers from the Hermit Kingdom were creating the artwork, but it’s another example of how North Korea is using skilled workers to circumvent sanctions and make the regime money.

Meanwhile, Cisco revealed this week that some of its devices, called Adaptive Security Appliances, have been targeted by state-sponsored hackers who exploited two zero-day vulnerabilities in the systems. The attack, dubbed ArcaneDoor, is believed to have had an espionage focus and sources suspect China’s state-backed hackers may be the culprits.

The November presidential elections may still be months away, but the next US president will have increased surveillance capabilities. This week Joe Biden signed a controversial bill extending and enhancing Section 702 of the Foreign Intelligence Surveillance Act. FISA allows spy agencies to collect Americans’ calls, emails, and more when pursuing foreign intelligence. Critics say the changes are “a gift to any president who may wish to spy on political enemies.”

That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**School Principal Framed Using AI Voice Deepfake**

In January, an Instagram account in Baltimore, Maryland, posted an alleged audio recording of local school principal Eric Eiswert making racist and antisemitic comments. Baltimore County Public Schools quickly opened an investigation into the incident. However, this week, a former athletic director at Pikesville High School was arrested after police said he used artificial intelligence software to create the fake audio clip of Eiswert. The audio included comments about “ungrateful Black kids” and disparaging remarks about the Jewish community.

Dazhon Darien, the former staff member, was arrested after being stopped in possession of a gun at an airport when officials saw there was an outstanding arrest warrant, the _Baltimore Banner_ reported. The media organization reports that Darien was charged with disrupting school activities and stalking. The fake clip was allegedly made in retaliation for the principal investigating Darien over irregular payments to his roommate.

Police reports, the _Banner_ says, indicate that the audio clip had a “profound” impact on the school principal. “It not only led to Eiswert’s temporary removal from the school but also triggered a wave of hate-filled messages on social media and numerous calls to the school,” police reports said.

Voice-cloning technology, which can fall under the broader banner of deepfake technology, has rapidly improved within the last year. Cloning tools can recreate someone’s voice to a relatively realistic level using just a few seconds of real audio. The systems have increasingly been used to impersonate politicians and scam people over the phone.

**General Motors Stops Driving Surveillance, Following Privacy Complaints**

Your car knows a lot about you—from where and how you drive, to your weight and how you sit. This week, following a series of revelations from _New York Times_ reporter Kashmir Hill, General Motors announced it will end its “Smart Driver” program and unenroll all customers. Until the reports from the _Times_, GM was sharing data with data brokers LexisNexis and Verisk, which shared it with insurers and led to high payments for some people. The OnStar Smart Driver program had been designed to promote safer driving, GM said. However, many people were not aware they had been enrolled in the system. Ten lawsuits have been filed so far about the Smart Driver program and how it shared data.

**Google Delays Killing Cookies—Again**

In January 2020, Google said it would remove third-party cookies from Chrome within two years—following Safari, Brave, Firefox, and other browsers in eradicating the tracking technology. It’s now April 2024 and the company has delayed the change for a third time, saying it’ll happen in 2025. Google’s proposed cookie replacement has faced scrutiny from competition and privacy regulators in the UK, with critics saying cookies are just being replaced by another form of tracking and suggesting the changes could further benefit Google’s ad business.

**Samourai Wallet Founders Arrested Over $2 Billion Unlawful Transactions**

Keonne Rodriguez and William Lonergan Hill, the founders of crypto-mixing service Samourai Wallet, were charged by US prosecutors this week for running an unlicensed money transfer business and conspiracy to commit money laundering. The company processed $2 billion in “unlawful transactions” and “facilitated more than $100 million in money laundering,” according to Damian Williams, the United States Attorney for the Southern District of New York, and other investigators. The charges can carry a maximum of 20 years each. The move comes as US prosecutors try to clampdown on crypto mixing services that may be used to hide funds or allow illicit behavior. Mixers Bitcoin Fog, Helix, and Tornado Cash have all faced action in recent years.

**Chinese Keyboard Vulnerabilities Could Reveal Typing**

New research from the University of Toronto’s Citizen Lab this week revealed vulnerabilities in eight Chinese keyboard apps that, if exploited, could allow everything typed to be intercepted. Up to a billion people may be impacted, the researchers say. They tested apps from major technology companies and phone makers, including Baidu, Honor, Huawei, Samsung and Tencent. “Most of the vulnerable apps can be exploited by an entirely passive network eavesdropper,” they researchers write, adding that most of the impacted companies fixed the vulnerabilities when they were reported.

School Employee Allegedly Framed a Principal With Racist Deepfake Rant

A ban on weapons of mass destruction in orbit has stood since 1967. Russia apparently has other ideas.

Russia vetoed a United Nations Security Council resolution Wednesday that would have reaffirmed a nearly 50-year-old ban on placing weapons of mass destruction into orbit, two months after reports Russia has plans to do just that.

Russia's vote against the resolution was no surprise. As one of the five permanent members of the Security Council, Russia has veto power over any resolution that comes before the body. China abstained from the vote, and 13 other members of the Security Council voted in favor of the resolution.

If it passed, the resolution would have affirmed a binding obligation in Article IV of the 1967 Outer Space Treaty, which says nations are "not to place in orbit around the Earth any objects carrying nuclear weapons or any other kinds of weapons of mass destruction."

**Going Nuclear**

Russia is one of 115 parties to the Outer Space Treaty. The Security Council vote Wednesday follows reports in February that Russia is developing a nuclear anti-satellite weapon.

"The United States assesses that Russia is developing a new satellite carrying a nuclear device," said Jake Sullivan, President Biden's national security advisor. "We have heard President Putin say publicly that Russia has no intention of deploying nuclear weapons in space. If that were the case, Russia would not have vetoed this resolution."

The United States and Japan proposed the joint resolution, which also called on nations not to develop nuclear weapons or any other weapons of mass destruction designed to be placed into orbit around the Earth. In a statement, US and Japanese diplomats highlighted the danger of a nuclear detonation in space. Such an event would have "grave implications for sustainable development, and other aspects of international peace and security," US officials said in a press release.

With its abstention from the vote, "China has shown that it would rather defend Russia as its junior partner, than safeguard the global nonproliferation regime," said Linda Thomas-Greenfield, the US ambassador to the UN.

US government officials have not offered details about the exact nature of the anti-satellite weapon they say Russia is developing. A nuclear explosion in orbit would destroy numerous satellites—from many countries—and endanger astronauts. Space debris created from a nuclear detonation could clutter orbital traffic lanes needed for future spacecraft.

The Soviet Union launched more than 30 military satellites powered by nuclear reactors. Russia's military space program languished in the first couple of decades after the fall of the Soviet Union, and US intelligence officials say it still lags behind the capabilities possessed by the US Space Force and the Chinese military.

Russia's military funding has largely gone toward the war in Ukraine for the last two years, but Putin and other top Russian officials have raised threats of nuclear force and attacks on space assets against adversaries. Russia's military launched a cyberattack against a commercial satellite communications network when it invaded Ukraine in 2022.

Russia has long had an appetite for anti-satellite (ASAT) weapons. The Soviet Union experimented with "co-orbital" ASATs in the 1960s and 1970s. When deployed, these co-orbital ASATs would have attacked enemy satellites by approaching them and detonating explosives or using a grappling arm to move the target out of orbit.

In 1987, the Soviet Union launched an experimental weapons platform into orbit to test laser technologies that could be used against enemy satellites. Russia shot down one of its own satellites in 2021 in a widely condemned "direct ascent" ASAT test. This Russian direct ascent ASAT test followed demonstrations of similar capability by China, the United States, and India. Russia's military has also demonstrated satellites over the last decade that could grapple onto an adversary's spacecraft in orbit, or fire a projectile to take out an enemy satellite.

These ASAT capabilities could destroy or disable one enemy satellite at a time. The US Space Force is getting around this threat by launching large constellations of small satellites to augment the military's much larger legacy communications, surveillance, and missile warning spacecraft. A nuclear ASAT weapon could threaten an entire constellation or render some of space inaccessible due to space debris.

Russia's ambassador to the UN, Vasily Nebenzya, called this week's UN resolution "an unscrupulous play of the United States" and a "cynical forgery and deception." Russia and China proposed an amendment to the resolution that would have banned all weapons in space. This amendment got the support of about half of the Security Council but did not pass.

Outside the 15-member Security Council, the original resolution proposed by the United States and Japan won the support of more than 60 nations as co-sponsors.

"Regrettably, one permanent member decided to silence the critical message we wanted to send to the present and future people of the world: Outer space must remain a domain of peace, free of weapons of mass destruction, including nuclear weapons," said Kazuyuki Yamazaki, Japan's ambassador to the UN.

_This story originally appeared on_ _Ars Technica._

Russia Vetoed a UN Resolution to Ban Space Nukes

By Waqas
The Department of Homeland Security (DHS) has formed an AI Safety Board to ensure secure AI use in critical infrastructure.
This is a post from HackRead.com Read the original post: DHS Establishes AI Safety Board with Tech Titans and Experts

The board also includes OpenAI CEO Sam Altman and Alphabet CEO Sundar Pichai. Some experts argue that this presents a conflict of interest, given that both companies are deeply engaged in developing proprietary AI models.

The Department of Homeland Security (DHS) announced the formation of the Artificial Intelligence Safety and Security Board (the Board) on Friday, April 26th, 2024. This move comes amidst growing concerns about security vulnerabilities and the potential risks of artificial intelligence (AI) systems, particularly within the nation’s critical infrastructure sectors.

The Board will serve in an advisory capacity, providing recommendations to the Secretary of Homeland Security, critical infrastructure stakeholders, and the public on the responsible development and deployment of AI technologies.

Its focus, according to the Department of Homeland Security today announcement, will be on ensuring these technologies are implemented securely and effectively within sectors like energy, transportation, finance, and communication networks.

This initiative aligns with President Biden’s Executive Order on AI and Advanced Computing, signed in October 2023. The order called for a national strategy to promote responsible AI development and mitigate potential risks, including those related to security and safety in critical infrastructure.

The Board will bring together prominent industry experts from AI hardware and software companies, leading research labs, critical infrastructure entities, and the U.S. government,” the DHS stated in a press release.

The Board’s membership reportedly includes tech leaders like OpenAI CEO Sam Altman and Alphabet CEO Sundar Pichai, alongside experts in AI, civil rights, and representatives from critical infrastructure companies

This announcement follows the release of DHS’s first “Artificial Intelligence Roadmap” in March 2024. The roadmap outlines the department’s plans to leverage AI responsibly for homeland security missions while safeguarding individual privacy, civil rights, and liberties. It also emphasizes national leadership in AI through collaborative partnerships.

“The establishment of the Artificial Intelligence Safety and Security Board by the DHS is a good step towards making sure the development and deployment of AI technology in critical infrastructure is done safely and securely,” stated Joseph Thacker, principal AI engineer and security researcher at AppOmni, a SaaS security pioneer.

“By bringing together a wide array of experts, the board will provide valuable insights and recommendations which will hopefully mitigate the risks associated with AI while still reaping the benefits,” he added.

However, Joseph argued the conflict of interest factor, citing board members who are among the founders and top bosses of companies heavily involved in developing AI source models.

“One major concern I have is that there is a large conflict of interest by bringing in the companies that are developing the closed source AI models. They are incentivized to recommend against open source models for “safety reasons” when it would massively help their business models and positively affect their bottom line.”

Nevertheless, the Board’s formation is a significant step towards ensuring the safe and secure integration of AI within the nation’s critical infrastructure. Its recommendations will be crucial for developing best practices and mitigating potential risks associated with AI deployment in these sensitive sectors.

1.  White House Strategy: Software Firms Liable for Breaches
2.  AI Generated Fake Obituary Websites Target Grieving Users
3.  US-Led 40 Countries Alliance to Combat Ransomware Threat
4.  Poisoned Data, Malicious Manipulation: NIST Reveals AI Flaws
5.  Dark Web Pedophiles Using Open-Source AI to Generate CSAM

DHS Establishes AI Safety Board with Tech Titans and Experts

PRESS RELEASE

London, UK. 24th April 2024: Performanta, the multinational cybersecurity firm specialising in helping companies move beyond security to achieve cyber safety, has uncovered a trend in how developing countries are being targeted by nation state actors.

The firm’s analysis explored the origins and characteristics of Medusa, a ransomware-as-a-service targeting organisations globally. The patterns suggest that developing countries are hit first with a trend that shows a rising impact on developed countries. It implies that ransomware activities are not entirely random and a strategy is in place to focus on organisations within developing countries as their initial targets.

Guy Golan, CEO and Executive Chairman of Performanta, states: “Our analysis suggests that BRICS nations, and particularly the African continent, have become a testing ground for nation-state attacks. In order to achieve a more cyber safe environment for all organisations globally, we need to increase awareness of this growing issue. It is only through understanding the trends and patterns of geopolitical cyber warfare that will enable us to bring clarity to the global threat landscape.”

Performanta’s research has delved into precisely how attackers are using Africa, and the extent to which the region is under major threat.

In South Africa, a 10-year review of the cyber threat landscape found that the most prevalent perpetrators of attackers were trained hackers, and the top three most likely targeted industries on the continent are finance, manufacturing and energy. This poses a serious problem, with the average successful nation-state-backed cyber attack costing an average of $1.6 million per incident.

Performanta’s report also reveals a large increase in financial/banking trojans with a 59% increase in Kenya and a 32% increase in Nigeria across a single quarter.

Golan continues: “Attackers likely perceive attacking Africa to have fewer risks to themselves than directly attacking the West, and as a bridge to the Western world, it’s likely that methods are tried and tested in Africa first, before being deployed across developed countries later. As an emerging economy, Africa may have become an entry point for attackers aiming to access and disrupt Western assets indirectly. No matter the reasoning, the West and Africa must implement long-term collaborative efforts to build a strong defence against this threat.”

With a strong foothold in both South Africa and the UK, Performanta is uniquely positioned to bridge the gap between nations to form a cyber safe defence against nation-state enemies.

For more information or to read Performanta’s full report, download here.

About Performanta

Performanta is a multinational company that specialises in cyber safety. Founded in 2010, we have grown to over 180 security professionals. We provide risk and resilience consulting, managed detection and response, and continuous threat exposure management services, with a human touch. Our focus extends beyond your security controls, to your wellbeing. We work tirelessly with clients to manage the cyber security risks.

Performanta is a leading Microsoft Solutions Partner. We have been nominated by Microsoft to join its Intelligent Security Association (MISA), a worldwide group comprising 300 of its most proficient partners.

 Performanta is approved to design, develop and operate security solutions for on-premises and cloud service users. We specialise in Managed Extended Detection & Response (MXDR), Identity and Access Management, and Threat Protection.

We work with enterprises across many industry sectors, that require a cyber safety service. Operating from the UK, South Africa, North America and continental Europe, our teams deliver global services with a local feel.

Tag

#intel