Tech giants and world govs unite to tackle spyware threats
In a united front against commercial spyware, over a dozen countries, including France, the UK, and the US, joined forces with tech giants Google, Meta, and Microsoft to sign a joint agreement on Tuesday. The pledge was released just a day after the U.S. announced a visa restriction policy for individuals involved in the misuse of commercial spyware. The initiative advocates for international guidelines to control the unrestrained proliferation of cyber-intrusive tools. Commercial spyware, such as NSO Group’s Pegasus, exploits smartphones for eavesdropping, message interception, and data exfiltration, often leveraging zero-day exploits. Notably, Hungary, Mexico, Spain, and Thailand were among the 11 countries that opted not to sign the pledge, as reported by Recorded Future. A follow-up meeting is planned for next year.
Spyware vendors to blame for most Google zero-days
Speaking of spyware, Google reports that spyware vendors were responsible for 80% of the zero-day vulnerabilities discovered by the company in 2023. Looking at the bigger picture, Google’s Threat Analysis Group (TAG) attributes 35 out of 72 known in-the-wild zero-day exploits affecting its products over the last decade to spyware vendors. Google notes that the actual number is likely higher, considering undetected exploits. Commercial spyware vendors predominantly impacted Google Chrome, Android, and Apple iOS.
Insider data breach hits almost half of Verizon’s employee base
Names, physical addresses, and even Social Security numbers were just some of the information exposed in a significant data breach affecting Verizon employees last year. The company says the sensitive data of over 63,000 employees was compromised when an unauthorized employee accessed a file containing such information back in September 2023. However, the breach went undetected until nearly three months later, in December. Verizon clarified that the incident only impacted employees and not customers. In a statement to Bleeping Computer, Verizon mentioned that, at this point, there is no indication that the exposed information was improperly used or shared outside the company.
Chief AI Officers join the C-suite
Ready or not, AI is here to stay, and many are scrambling to adapt. Enter the Chief AI Officer, or CAIO for short. The New York Times reports that some organizations, like the Mayo Clinic, have already established this position. CEO Richard Gray said, “We’re really trying to foster some of these data and A.I. capabilities throughout every department, every division, every work group.” The Biden administration has also taken steps, signing an executive order mandating federal agencies, including the Departments of Defense, Education, and Homeland Security, to appoint a chief AI officer. While the widespread adoption of the CAIO role is still on the horizon, it’s clear that some organizations have already started the conversation.
From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging.
Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization.
Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk.
To learn more, go to vanta.com/ciso and watch their 3-minute product demo.
Dutch defense network compromised by Chinese hackers
A Chinese cyber-espionage group successfully infiltrated the Dutch Ministry of Defence, deploying malware on compromised devices last year, according to the Netherlands’ Military Intelligence and Security Service (MIVD). Despite the breached systems being backdoored, the agency reported limited impact due to network segmentation. During the investigation, a persistent remote access trojan (RAT) named Coathanger was discovered, which is specifically designed to infect FortiGate network security appliances. The Dutch agency warns that it continues to face challenges with this malware strain, as it can recover even after a system reboot and survives firmware upgrades.
AnyDesk says its software is safe to use after cyberattack
A company that promotes itself as “always secure” states that its software is safe to use following a cyberattack. According to The Record, AnyDesk, a widely used remote monitoring and management software company, asserted that all versions of its tools obtained from “official sources” are secure. This is a story we first reported to you earlier this week, when, according to AnyDesk, a cyberattack led to outages affecting servers in Spain and Portugal but had no impact elsewhere. The company initiated a password reset for customers, emphasizing that it was a precautionary measure. AnyDesk reports that the incident did not involve ransomware or an extortion attempt and that no customer data was compromised.
Google settles Google+ data exposure lawsuit for $350 million
Google has settled to the tune of $350 million in a lawsuit connected to a security flaw in the now-shut-down Google+ social media website. Although the settlement is pending approval from a federal judge, a Google spokesperson expressed relief at the end of what they described as a long saga for “a product that no longer exists, and we are pleased to have it resolved.” The settlement addresses claims that the tech giant concealed a three-year software glitch that exposed Google+ users’ personal data for several months, though Google denies any wrongdoing in the case.
White House weighs watermarking to identify deepfakes
A White House official says the administration is exploring the possibility of watermarking computer-generated content to make deepfakes easier to identify. However, the administration is placing the onus on companies to develop the technology for detecting these deepfakes. Deepfakes are becoming a growing concern in the private and public sectors. Earlier this week, we reported an incident where an employee paid $25 million to hackers after a video call with a deepfaked version of their CFO. More recently, a robocall using an AI voice resembling President Joe Biden, urging voters not to participate in the upcoming primary, was linked to a pair of Texas-based telecommunication companies. While a watermark may not be effective in these specific cases, according to Cyberscoop, the Biden administration believes it could be beneficial for a White House that is growing more concerned about the impact of these deepfakes.