This week, in the Application Security News, we dismiss magical thinking and discuss what generative AI will actually be able to do for us.
We also discuss whether Secure by Design's goals are practical or not.
OSC&R releases a report on the software supply chain that should be interesting, though neither of us had time to read it yet.
Also, Wat...
Attackers delivered phishing emails with a ZIP file attachment containing an executable Rust-based loader, which triggers Windows batch scripts that not only open lure documents but also facilitate the deactivation of antivirus software before the Python-based information-stealing malware is deployed, an analysis from Cisco Talos showed.
In a post on its leak site on Friday, RansomHub disclosed that it was able to exfiltrate files relating to contracts, financials, insurance, and confidential data while sharing a data sample that included Mexican government employees' names, job titles, workplaces, phone number extensions, email addresses, and ID reference numbers.
CyberScoop reports that the incoming Trump administration has been urged by Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger to establish a framework for minimum cyber regulations for critical infrastructure organizations and expand cybersecurity partnerships with other countries within its first 100 days.