CyberScoop

We're thrilled to announce the nominees for the 2024 #CyberScoop50 Awards! These cybersecurity trailblazers are not just combating today's threats but are also innovating to safeguard our future. Their dedication keeps our global networks secure and resilient. Show your support by voting for your top cybersecurity leader. Cast your vote now: https://lnkd.in/dGV3HvSi

An advisory committee to the Cybersecurity and Infrastructure Security Agency on Friday approved a series of reports to be delivered to the agency aimed at boosting national cyber resilience, increasing public awareness of CISA efforts, and better securing the world’s digital ecosystem. Members of CISA’s Cybersecurity Advisory Committee approved the four draft reports and multiple recommendations in response to looming threats by Chinese hackers to critical infrastructure. The reports were drafted by subcommittees and focused on building up the nation’s critical infrastructure resilience, ensuring widespread adoption of the agency’s secure-by-design initiative, increasing public awareness, and solving the messy issue around securing the open-source software supply chain. https://lnkd.in/eDfKTi3C

🛡️ Strengthen your digital defenses at #CyberTalks! Join us on October 30 in Washington, D.C. Learn from top leaders in government and technology about the latest cyber threats and AI-driven risks. Discover new strategies to protect your organization against sophisticated cyberattacks. Secure your spot now and be part of the discussion to enhance national security and global stability. 🔗 https://lnkd.in/eP7Qx6N2

National Cyber Director Harry Coker said that the White House is focused on securing two foundational aspects of the tech landscape: how information packets are routed across the internet and computer programming languages that can be susceptible to memory-related errors. Speaking at a Recorded Future event Wednesday in Washington, D.C., Coker said the White House is looking at next steps to secure Border Gateway Protocol, or BGP, which directs data through the most efficient internet route via thousands of public and private networks. https://lnkd.in/eAMKr7Pp

OpenAI said it has disrupted more than 20 operations and networks over the past year from foreign actors attempting to use the company’s generative AI technologies to influence political sentiments around the world and meddle in elections, including the United States. In some cases, the actors attempted to use ChatGPT and other OpenAI tools to analyze and generate social media content, creating fake articles for websites, debugging malware, writing biographies and performing a host of other tasks that support online influence efforts. However, despite a surge of malicious use, the technology’s overall impact appears to be more complimentary than game-changing. https://lnkd.in/e9baEExt

Microsoft on Tuesday shared security updates on 117 common vulnerabilities and exposures, including two that are being actively exploited, according to the company. The actively exploited vulnerabilities relate to the Microsoft Management Console (CVE-2024-43572) and the Windows MSHTML Platform (CVE-2024-43573), the company said. https://lnkd.in/evG7-Qp3

The number of malicious packages found in the open-source ecosystem has dramatically grown in the past year, according to a new report from Sonatype. The cybersecurity firm found that the number of malicious packages intentionally uploaded into open-source repositories has jumped by more than 150% compared to last year. Open-source software, a transparent development process where almost anyone can contribute to the code and components, is the bedrock of the digital age that can be found in most modern digital technologies. https://lnkd.in/epdR_pfw

Marriott International and its subsidiary Starwood Hotels and Resorts have agreed to a settlement with the federal and state authorities over three separate data breaches between 2014 and 2020. In a 16-page proposed consent order with the Federal Trade Commission, the hotel chains agreed to a series of compulsory actions https://lnkd.in/eNcaGhfw

Russian government hackers are targeting known, unpatched vulnerabilities to victimize specific organizations like governments and defense contractors while also scanning the internet for any susceptible systems to attack, U.S. and U.K. cyber agencies said in a joint alert. The threat actors tied to the Russian Foreign Intelligence Service (SVR) “are highly capable of and interested in exploiting software vulnerabilities” in order to both gain initial access to their target organization and then move around in its systems, the Thursday advisory states. https://lnkd.in/eYaYEXGn

Members of Congress are pressing federal agencies and telecommunications companies for more information about a reported Chinese government-backed hacking campaign that breached the networks of at least three major U.S. telecoms. Earlier this month, the Wall Street Journal reported that a hacking group tied to Beijing successfully broke into the networks of Verizon, AT&T and Lumen Technologies. The hackers reportedly went undetected for months, possibly gaining access to systems and infrastructure used to process court-authorized wiretaps. https://lnkd.in/e3FqTAJK