CISA is warning about a spear-phishing campaign that spreads malicious RDP files. Plus, OWASP is offering guidance about deepfakes and AI security. Meanwhile, cybercriminals have amplified their use of malware for fake software-update attacks. And get the latest on CISA’s international plan, Interpol’s cyber crackdown and ransomware trends.

Dive into six things that are top of mind for the week ending Nov. 8.

1 - CISA: Beware of nasty spear-phishing campaign

Proactively restrict outbound remote-desktop protocol (RDP) connections. Block transmission of RDP files via email. Prevent RDP file execution.

Those are three security measures cyber teams should proactively take in response to an ongoing and “large scale” email spear-phishing campaign targeting victims with malicious RDP files, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

A foreign threat actor is carrying out the campaign. Several vertical sectors, including government and IT, are being targeted.

“Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network,” CISA’s alert reads.
 

Other CISA recommendations include:

• Adopt phishing-resistant multi-factor authentication (MFA), such as FIDO tokens, and try to avoid SMS-based MFA
• Educate users on how to spot suspicious emails
• Hunt for malicious activity in your network looking for indicators of compromise (IoCs) and tactics, techniques and procedures

Although CISA didn’t name the hacker group responsible for this campaign, its alert includes links to related articles from Microsoft and AWS that identify it as Midnight Blizzard. Also known as APT29, this group is affiliated with Russia’s government.

To get more details, check out the CISA alert “Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments.”

For more information about securing RDP tools:

• “Commonly Exploited Protocols: Remote Desktop Protocol (RDP)” (Center for Internet Security)
• “What is remote desktop protocol (RDP)?” (TechTarget)
• “Wondering Whether RDP IS Secure? Here's a Guide to Remote Desktop Protocol” (AllBusiness)
• “Why remote desktop tools are facing an onslaught of cyber threats” (ITPro)
• “'Midnight Blizzard' Targets Networks With Signed RDP Files” (Dark Reading)

2 - OWASP issues AI security resources

How should your organization respond to deepfakes? What’s the right way of establishing a center of excellence for AI security in your organization? Where can you find a comprehensive guide of tools to secure generative AI applications?

These questions are addressed in a new set of resources for AI security from the Open Worldwide Application Security Project’s OWASP Top 10 for LLM Application Security Project. 

The new resources are meant to help organizations securely adopt, develop and deploy LLM and generative AI systems and applications “with a comprehensive strategy encompassing governance, collaboration and practical tools,” OWASP said in a statement.

These are the new resources:

• “The Guide for Preparing and Responding to Deepfake Events,” which unpacks four types of deepfake schemes – financial fraud, job interview fraud, social engineering and misinformation – and offers guidance about each one in these areas:
  • preparation
  • detection and analysis
  • containment eradication and recovery
  • post-incident activity
• “The LLM and GenAI Center of Excellence Guide,” which aims to help CISOs and fellow organization leaders create a center of excellence for generative AI security that facilitates collaboration among various teams, including security, legal, data science and operations, so they can develop:
  • Generative AI security policies
  • Risk assessment and management processes
  • Training and awareness
  • Research and development
• “The AI Security Solution Landscape Guide,” which offers security teams a comprehensive catalog of open source and commercial tools for securing LLMs and generative AI applications.

To get more details, read OWASP’s announcement “OWASP Dramatically Expands GenAI Security Guidance.”

For more information about protecting your organization against deepfakes:

• “How to prevent deepfakes in the era of generative AI” (TechTarget)
• “Deepfake scams escalate, hitting more than half of businesses” (Cybersecurity Dive)
• “The AI Threat: Deepfake or Deep Fake? Unraveling the True Security Risks” (SecurityWeek)
• “How deepfakes threaten biometric security controls” (TechTarget)
• “Deepfakes break through as business threat” (CSO)

3 - Fake update variants dominate list of top malware in Q3

Hackers are doubling down on fake software-update attacks.

That’s the main takeaway from the Center for Internet Security’s list of the 10 most prevalent malware used during the third quarter.

Malware variants used to carry out fake browser-update attacks took the top four spots on the list: SocGholish, LandUpdate808, ClearFake and ZPHP. Collectively, they accounted for 77% of the quarter’s malware infections. It's the first time LandUpdate808 and ClearFake appear on this quarterly list.

^{(Source: “Top 10 Malware Q3 2024”, Center for Internet Security, October 2024)}

In a fake software-update attack, a victim gets duped into installing a legitimate-looking update for, say, their preferred browser, that instead infects their computers with malware.

Here’s the full list, in descending order:

• SocGholish, a downloader distributed through malicious websites that tricks users into downloading it by offering fake software updates 
• LandUpdate808, a JavaScript downloader distributed through malicious websites via fake browser updates
• ClearFake, another JavaScript downloader used for fake browser-update attacks
• ZPHP, another JavaScript downloader used for fake software-update attacks
• Agent Tesla, a remote access trojan (RAT) that captures credentials, keystrokes and screenshots
• CoinMiner, a cryptocurrency miner that spreads using Windows Management Instrumentation (WMI)
• Arechclient2, also known as SectopRAT, is a .NET RAT whose capabilities include multiple stealth functions
• Mirai, a malware botnet that compromises IoT devices to launch DDoS attacks
• NanoCore, a RAT that spreads via malspam as a malicious Excel spreadsheet
• Lumma Stealer, an infostealer used to swipe personally identifiable information (PII), credentials, cookies and banking information

To get more information, the CIS blog “Top 10 Malware Q3 2024” offers details, context and indicators of compromise for each malware strain.

For details on fake update attacks:

• “Fake browser updates spread updated WarmCookie malware” (BleepingComputer)
• “Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware” (The Hacker News)
• “Hackers Use Fake Browser Updates for AMOS Malware Attacks Targeting Mac Users” (MSSP Alert)
• “Malware crooks find an in with fake browser updates, in case real ones weren't bad enough” (The Register)
• “Fake Google Chrome errors trick you into running malicious PowerShell scripts” (BleepingComputer)

VIDEO

Fake Chrome Update Malware (The PC Security Channel)

4 - CISA’s first international plan unveiled

CISA has released its first-ever international plan, which outlines a strategy for boosting the agency’s collaboration with cybersecurity agencies from other countries.

Aligning cybersecurity efforts and goals with international partners is critical for tackling cyberthreats in the U.S. and abroad, according to the agency.

The three core pillars of CISA’s “2025 - 2026 International Strategic Plan” are:

• Help make more resilient other countries’ assets, systems and networks that impact U.S. critical infrastructure
• Boost the integrated cyber defenses of the U.S. and its international partners against their shared global cyberthreats
• Unify the coordination of international activities to strengthen cyberdefenses collectively

The plan will allow CISA to “reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day,” CISA Director Jen Easterly said in a statement.

5 - Interpol hits phishers, ransomware gangs, info stealers

Interpol and its partners took down 22,000 malicious IP addresses and seized thousands of servers, laptops, and mobile phones used by cybercriminals to conduct phishing scams, deploy ransomware and steal information.

The four-month global operation, titled Synergia II and announced this week, involved law enforcement agencies and private-sector partners from 95 countries and netted 41 arrests.

“Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime,” Neal Jetton, Director of Interpol’s Cybercrime Directorate, said in a statement.

In Hong Kong, more than 1,000 servers were taken offline, while authorities in Macau, China took another 291 servers offline. Meanwhile, in Estonia, authorities seized 80GB of server data, which is now being analyzed for links to phishing and banking malware.

For more information about global cybercrime trends:

• “AI-Powered Cybercrime Cartels on the Rise in Asia” (Dark Reading)
• “AI Now a Staple in Phishing Kits Sold to Hackers” (MSSP Alert)
• “The Business of Cybercrime Explodes” (BankDirector)
• “Nation state actors increasingly hide behind cybercriminal tactics and malware” (CSO)

6 - IST: Ransomware attacks surged in 2023

Ransomware gangs went into hyperdrive last year, increasing their attacks by 73% compared with 2022, according to the non-profit think tank Institute for Security and Technology (IST).

The IST attributes the sharp increase in attacks to a shift by ransomware groups to “big game hunting” – going after prominent, large organizations with deep pockets. 

“Available evidence suggests that government and industry actions taken in 2023 were not enough to significantly reduce the profitability of the ransomware model,” reads an IST blog.

Global Ransomware Incidents in 2023

Another takeaway: The ransomware-as-a-service (RaaS) model continued to prove extremely profitable in 2023, and it injected dynamism into the ransomware ecosystem. 

The RaaS model prompted ransomware groups “to shift allegiances, form new groups, or iterate existing variants,” the IST blog reads.

The industry sector that ransomware groups hit the hardest was construction, followed by hospitals and healthcare, and by IT services and consulting. Financial services and law offices rounded out the top five.

To learn more about ransomware trends:

• “Ransomware Is ‘More Brutal’ Than Ever in 2024” (Wired)
• “Ransomware on track for record profits, even as fewer victims pay” (SC Magazine)
• “How Can I Protect Against Ransomware?” (CISA)
• “How to prevent ransomware in 6 steps” (TechTarget)
• “Steps to Help Prevent & Limit the Impact of Ransomware” (Center for Internet Security)

TORONTO - The Ontario Securities Commission (OSC) is pleased to announce the release of the 2024 Investment Fund Survey (IFS) data dashboard.

In this special episode, we're remembering StoryCorps participant Rick Abath, who talked to his wife, Diana, about being on guard during the biggest art heist in history. Rick died last month at the age of 57.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Toronto, ON — The Truth and Reconciliation Commission’s final report, tabled yesterday, provides an indelible pathway for our individual and collective need to heal and reconcile our past in order to move forward. Central to moving forward on an improved relationship between Indigenous people and Canadians is helping young Indigenous people and families meet and […]

Desktop 3D printers generate ultrafine particles (UFPs) while in operation. UFPs may pose a health concern since they are the size of nanoparticles and may be inhaled and penetrate deep into the human pulmonary system.

July PPC meeting at the CMSC Conference concludes last phase of Roadmap project.

Maplesoft today released Möbius, a hands-on learning tool focused on science, technology, engineering and mathematics education. The online courseware environment provides an interactive platform for students to explore STEM concepts, visualize problems and solutions, and receive real-time assessment feedback.

The AHR Expo (International Air-Conditioning, Heating, Refrigerating Exposition) released the full schedule for the 2025 AHR Expo Education Program. 

Trane introduces Thermal Battery™ Storage-Source Heat Pump System, Trane/Mitsubishi Electric HVRF, Versatile Axiom™ Water Source Heat Pumps, Next-Generation Precedent® Rooftop Units, and two enhanced air handlers. 

Posted by Gordon Fyodor Lyon on May 05

Posted by CISA on Mar 21

Posted by CISA on Mar 21

Posted by CISA on Mar 23

Posted by CISA on Mar 28

Posted by Dave Aitel via Dailydave on Aug 02

This episode is a discussion with Michael Nygard about his book "Release It" which covers aspects of software architecture you often don't think of initially when starting to build a system. Some of the points we discussed were capacity planning, recovery as well as making the system suitable for operation in a data center.

XGIMI has released the Horizon S series lifestyle projectors featuring an advanced hybrid laser/LED light source that achieves wide BT.2020 gamut while minimizing laser speckle and color fringing.

Hisense has bolstered its 2024-2025 UST line-up with the PL2, a cost effective single-laser model that brings many of the desirable features of its higher end offering at an attractive $2,499 price point.

PA CATHOLIC CONFERENCE APPLAUDS HOUSE PASSAGE OF MARRIAGE ACT HARRISBURG, PA — The Pennsylvania Catholic Conference applauds today’s passage of House Bill 360, which, in addition to addressing some covid-19 related concerns, establishes 18 as the minimum age for marriage in Pennsylvania. The bill has been supported by the PCC since its inception, particularly as a means to help fight human trafficking. “This is good legislation for a number of reasons—first and foremost that it will help to end a problem in the law that has allowed girls as young as 12 to be married in PA,” said PCC Executive Director Eric Failing. “This can place them in a dangerous situation where they can be victims of domestic violence and exploited in sex trafficking. Advocates believe there are over 2,000 children who have been married in Pennsylvania.” The PCC has supported several measures designed to fight human trafficking, including the Safe-Harbor law that passed last session and the Buyer Beware act that passed earlier this session. Failing thanked the sponsor of the bill, Sen. Jesse Topper (R-Bedford, Franklin, Fulton) for his leadership and persistence on seeing the bill through.   Pennsylvania is one of 27 states that do not have a minimum age to marry. Currently, the state permits a minor under age 16 to marry with parental consent and a court determination that the marriage is in the best interest of the minor. The law also permits a 16 or 17 year old to marry with only parental consent.   The Pennsylvania Catholic Conference is based in Harrisburg and is the public affairs arm of Pennsylvania’s Catholic bishops  

Comprehensive playbooks on recyclability, reuse and compostability offer roadmap for sustainable plastic management.

Returning to Swissotel Chicago, Sustainability in Packaging US 2025 will take place March 5-7

The Food Processing Suppliers Association (FPSA) today released the schedule of its slate of packaging sessions as part of the PROCESS EXPO UNIVERSITY educational program taking place at Chicago's McCormick Place from September 15-18, 2015.

SOMA increases the performance parameters of its slitters, offering greater speed and larger rewind roll diameter.

The new machine is the industry’s first robotic automated system that can reliably handle the flow of parts ejected from any trim press, as the system enables full automation of the entire thermoforming process.

 The updated VF-1200 is more sanitary, allowing for high pressure washdown needs to be met.

These tequilas are a part of the brand’s Devils vs. Angels themed release and come just in time for summer. With only 1,200 bottles of each expression available, they’re a must-have for tequila aficionados.

The four-flap cups are currently available in several other international markets like Canada and Indonesia – and this month, it’s finally time for U.S. fans to try them out. 

The ACP-722 RRP offers one of the smallest footprints currently available, being up to 50% smaller than equivalent casepacker models.

Eyeris® comes in nine vivid colors and adapts to various sizes and shapes of aluminum cans and impact extruded bottles, making it versatile for beverage, household and personal care products.

The aluminum coffee pod addresses the environmental crisis caused by the 40 million plastic coffee pods that end up in landfills and oceans every day, offering a more eco-friendly and high-quality alternative.

 The two products are designed to properly handle eggs and various fruits, respectively. 

Techlan, with the help of ISRA Vision, developed its Re-Liner, a silicone release material that is 100% recycled, and can be reused up to 10 times in a circular system.

The X52’s proprietary software provides increased adaptability by seamlessly transitioning between single energy, dual energy or both modes, optimizing the performance of the system depending on the application.

The US CPI will be released tomorrow at 8:30 AM ET. What is expected?

• October Headline CPI expected to rise by 0.2% MoM, which is the same as last month. The forecasted range is 0.1 to 0.3%.
• YoY Headline CPI expected to increase to 2.6%, up from 2.4%, with a forecast range of 2.3 to 2.6%. A change of 0.0% will fall out of the YoY calculation this month.
• Core CPI projected to rise 0.3% MoM and 3.3% YoY, matching the previous month. The forecast range is 0.2 to 0.3% MoM and 3.2 to 3.4% Y/Y. A year ago, a gain of 0.2% falls out of the calculation.

The US PPI will be released on Thursday with the expectations of 0.2% for the MoM headline and 0.3% for the core measure.

Fed's Barkin this morning on inflation kept it simple saying::

• Inflation might be coming under control or might risk getting stuck above Fed 2% target.

Kashkari had more to say about inflation today with different influences. He said.

• Uncertainty exists around the impact of new government policies on inflation.
• A one-time tariff increase is transitory but could become a sustained issue if it escalates, introducing inflation risks.
• Immigration policy changes could have a significant effect on inflation, but the outcome is uncertain.
• Inflation from new leases will take a couple of years to work through the system.
• Housing inflation is expected to return to normal levels, but it may take a year or two.
• If inflation surprises to the upside before December, it may affect policy decisions.
• Current long-term yield increases don’t seem to reflect heightened inflation expectations.
• Higher productivity could suggest a higher neutral rate, potentially influencing future rate cuts.

Washington, D.C. -- The National Association of Broadcasters today released new radio spots and digital ads highlighting the importance of AM radio in the automobile. These tools include a direct call to action for consumers to contact Congress and will further enhance NAB's advocacy efforts to keep AM radio in the car dashboard.

In response to the release of Evan Gershkovich, a journalist wrongfully imprisoned in Russia since March 2023, the following statement can be attributed to NAB President and CEO Curtis LeGeyt.

Manufacturing

Manufacturing

Manufacturing

Manufacturing

ASTANA, 14 July 2016 – The introduction of the Pollutant Release and Transfer Register (PRTR) in Kazakhstan was the focus of a roundtable discussion organized in Astana today by the OSCE Programme Office in Astana in partnership with the Energy Ministry’s Information and Analytical Centre of Environment Protection and the UN Development Programme in Kazakhstan.

Some 80 representatives of the Aarhus Centres, regional and central government entities, environmental NGOs and private sector focused on recent changes in national environmental legislation, guiding rules in implementing PRTR, international best practices and the role of the Aarhus Centres in promoting PRTR in the regions.

Joldasov Zulfuhar, Deputy Chairperson of the Committee of Environmental Regulation, Control and State Inspection in the oil and gas sector of Kazakhstan’s Energy Ministry, said:  “Taking into account that environmental damage impacts all spheres of life, a state register of pollutant release and transfer is particularly relevant. We are convinced of the need to co-operate with all interested parties and consolidate our efforts in addressing the emerging issues in the field of environmental protection and sustainable development.”

Mirco Guenther, Deputy Head of the OSCE Programme Office in Astana, said: "PRTR management can lead to a significant reduction in environmental and social risks to promote a constructive dialogue between interested parties, as well as to achieve a balance of interests and protection of environmental rights of citizens. The OSCE Programme Office in Astana stands ready to support Kazakhstan’s initiative to comply fully with all their obligations under the Aarhus Convention."

The PRTR Protocol was adopted in 2003, in Kyiv, Ukraine and is a legally binding instrument that requires parties to establish publicly accessible registers containing information on the release and transfer of pollutants.

The event is part of the Programme Office’s longstanding efforts in promoting the international standards of the Aarhus Convention in Kazakhstan.

Related Stories

• OSCE promotes Central Asian Leadership Program for young environmental leaders
• OSCE supports water co-operation in southern Kazakhstan
• Seminar for defence lawyers on new approaches and techniques of legal defence

ASTANA, 14 July 2016 – The introduction of the Pollutant Release and Transfer Register (PRTR) in Kazakhstan was the focus of a roundtable discussion organized in Astana today by the OSCE Programme Office in Astana in partnership with the Energy Ministry’s Information and Analytical Centre of Environment Protection and the UN Development Programme in Kazakhstan.

Some 80 representatives of the Aarhus Centres, regional and central government entities, environmental NGOs and private sector focused on recent changes in national environmental legislation, guiding rules in implementing PRTR, international best practices and the role of the Aarhus Centres in promoting PRTR in the regions.

Joldasov Zulfuhar, Deputy Chairperson of the Committee of Environmental Regulation, Control and State Inspection in the oil and gas sector of Kazakhstan’s Energy Ministry, said:  “Taking into account that environmental damage impacts all spheres of life, a state register of pollutant release and transfer is particularly relevant. We are convinced of the need to co-operate with all interested parties and consolidate our efforts in addressing the emerging issues in the field of environmental protection and sustainable development.”

Mirco Guenther, Deputy Head of the OSCE Programme Office in Astana, said: "PRTR management can lead to a significant reduction in environmental and social risks to promote a constructive dialogue between interested parties, as well as to achieve a balance of interests and protection of environmental rights of citizens. The OSCE Programme Office in Astana stands ready to support Kazakhstan’s initiative to comply fully with all their obligations under the Aarhus Convention."

The PRTR Protocol was adopted in 2003, in Kyiv, Ukraine and is a legally binding instrument that requires parties to establish publicly accessible registers containing information on the release and transfer of pollutants.

The event is part of the Programme Office’s longstanding efforts in promoting the international standards of the Aarhus Convention in Kazakhstan.

Related Stories

• OSCE supports water co-operation in southern Kazakhstan
• OSCE Programme Office supports training for defence lawyers in Kazakhstan on the new criminal procedure legislation
• OSCE Programme Office supports public hearings on libel and slander legislation in Kazakhstan

SARAJEVO, 16 June 2016 – The OSCE Mission to Bosnia and Herzegovina today published the report of Judge Joanna Korner CMG QC on war crimes processing at the state level in Bosnia and Herzegovina.

At a press conference held on this occasion, Ambassador Jonathan Moore, Head of the OSCE Mission to BiH, noted that the OSCE Mission to Bosnia and Herzegovina has been monitoring the prosecution of war crimes before the domestic courts of BiH since 1996, as part of its mandate under the Dayton Peace Accords.

“In 2003, the Mission developed an increasingly structured trial monitoring capacity.  In November 2006, the BiH High Judicial and Prosecutorial Council issued an Opinion recognizing the role of the Mission in observing criminal proceedings, stating that the OSCE Mission’s trial monitors should be given ‘full and unrestricted access to all documents they request within their mandate which includes monitoring the activities of courts and prosecutors’ offices,’” said Moore. 

The Mission has carried out training courses and other capacity-building activities for judicial and prosecutorial staff, and provided expert advice to the judiciary based on its findings.

“The Mission is routinely asked to provide information and analysis regarding the quality of war crimes processing at the state and entity levels. These inquiries come from a variety of sources, including private persons, victims’ and survivors’ associations, ICTY, and employees of BiH judicial institutions,” said Moore. “The purpose of such inquiries is generally to understand the capacity of domestic judicial institutions for processing war crimes cases in a manner that is fair to the interests of both victims and defendants and in line with international standards, and to identify gaps in the processing of such cases.”  

Moore emphasized that it is normal in democratic societies to have a vigorous public debate about judicial processes.  “No one is universally happy with every verdict, sentence, conviction, and acquittal.  Nevertheless, justice has yet to be done in many cases, more than 20 years after the end of the war in Bosnia and Herzegovina.”

In accordance with the mandate, role, and authorities of the Mission, with the support of the HJPC and in coordination with ICTY Chief Prosecutor Serge Brammertz and the British Embassy, Judge Korner was engaged by the OSCE Mission to BiH on the basis of her professional background and knowledge. 

Judge Korner visited BiH twice in order to review available materials, speak with prosecutors, judges, and others, and prepare an analytical report that would offer suggestions as to how to improve the processing of war crimes at the state level, at which the most complex and serious war crimes, crimes against humanity, and genocide cases, are processed. 

“The work of Judge Korner, her analysis and concrete advice are very valuable.  It is of course up to the institutions themselves, including the HJPC, the Prosecutor’s Office of BiH, and the Court of BiH to react to the report and to act upon its recommendations.  We respect the role of those institutions in guaranteeing the rule of law in Bosnia and Herzegovina.”

The Mission’s work in this regard is supported financially as part of its core budget and by additional contributions from the European Union, the United States, the United Kingdom, Switzerland, Norway, Germany, Italy, and Austria, and is closely co-ordinated with the International Criminal Tribunal for the former Yugoslavia.

Related Stories

• Judges and prosecutors in Bosnia and Herzegovina, at OSCE meeting, learn about videoconferencing to reach remote witnesses
• War crimes prosecutors in Bosnia and Herzegovina, at OSCE meeting in Mostar, discuss cases involving enforced disappearance
• OSCE supports international conference on obstacles in prosecuting war crimes in Bosnia and Herzegovina

Posted by Enrico Weigelt, metux IT consult on Oct 31

Looking for a title to binge-watch this weekend? Here's our pick!

Dominican Republic Attorney General Jean Alain Rodriguez releases CCTV footage of the shooting of retired Boston Red Sox star David Ortiz and announces the arrest of Ramon Martinez Perez, the man who allegedly shot Ortiz at a bar in Santo Domingo. - REUTERS

Netflix released several streaming titles that deserved more attention in October 2024, ranging from political thrillers to twisted crowd-pleasers.

Lolita, the 57-year-old orca who’s been held in captivity at the Miami Seaquarium on Virginia Key since the 1970s, is expected to be returned to her home waters in the Puget Sound, where she will live out the remainder of her days.