Numerous cybersecurity-related measures have been advanced by the Senate Homeland Security and Governmental Affairs Committee, led by the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024, which would require federal contractors to adopt vulnerability disclosure policies that adhere to National Institute of Standards and Technology guidance.
This week, in the Application Security News, we dismiss magical thinking and discuss what generative AI will actually be able to do for us.
We also discuss whether Secure by Design's goals are practical or not.
OSC&R releases a report on software supply chain that should be interesting, though neither of us had time to read it yet.
Also, Wat...
Attackers delivered phishing emails with a ZIP file attachment containing an executable Rust-based loader, which triggers Windows batch scripts that not only open lure documents but also facilitate the deactivation of antivirus software before the Python-based information-stealing malware is deployed, an analysis from Cisco Talos showed.
In a post on its leak site on Friday, RansomHub disclosed that it was able to exfiltrate files relating to contracts, financials, insurance, and confidential data while sharing a data sample that included Mexican government employees' names, job titles, workplaces, phone number extensions, email addresses, and ID reference numbers.