Google Taps AI for Its ‘Threat Intelligence’ Cybersecurity Plan

Google introduced Threat Intelligence at the RSA Conference in San Francisco this week. Claiming actionable information at “visibility only Google can deliver, based on billions of signals across devices and emails,” Threat Intelligence draws on the capabilities of the company’s Gemini LLMs, Mandiant cybersecurity arm, and cloud-based VirusTotal tool. An AI-powered Gemini agent “provides conversational search” across the repository of Threat Intelligence, “enabling customers to gain insights and protect themselves from threats faster than ever before,” Google says in a move to empower even small teams without IT departments with threat protection. Continue reading Google Taps AI for Its ‘Threat Intelligence’ Cybersecurity Plan

Google Seeks Out Scammers Using Bard to Spread Malware

Google has filed suit in federal district court in California to stop alleged fraudsters from leveraging public interest in artificial intelligence generally and Bard in particular to spread malware. The perpetrators, who are believed to be based in Vietnam, are said to be using Facebook to promote an “unpublished” version of Bard that when downloaded installs password-stealing malware into the host system. The suit claims the scammers are using Google’s trademark-protected intellectual property — including its name and that of Bard, its brand look and colors, and photographs of CEO Sundar Pichai to promote an illegal scheme. Continue reading Google Seeks Out Scammers Using Bard to Spread Malware

FCC Advances ‘U.S. Cyber Trust Mark’ to Foster IoT Security

The Federal Communications Commission has issued a formal Notice of Proposed Rulemaking (NPRM) for the U.S. Cyber Trust Mark labeling program for smart devices announced in July with the Biden administration. The voluntary program to provide certification for baseline cybersecurity standards is designed to help consumers make informed purchase decisions regarding Internet of Things (IoT) products. The FCC, which proposes to own the new Cyber Trust trademark and administer it in conjunction with third parties, is now officially soliciting comments from industries and the public on the scope of the proposed program. Continue reading FCC Advances ‘U.S. Cyber Trust Mark’ to Foster IoT Security

Cloud Platforms Combine Security, Operations for Efficiency

A new generation of cybersecurity solutions is gaining attention for merging corporate networks with security tools like malware protection into one system that can be centrally managed. Akamai, Cisco, Cloudflare, Zscaler, Palo Alto Networks and others have begun offering consolidated cybersecurity platforms that span IT, operations and security, leveraging resources and theoretically reducing costs through shared expenses. Having all eyes on traffic and workloads via a single framework may also make it possible for chief information officers and IT personnel to be more effective and focused. Continue reading Cloud Platforms Combine Security, Operations for Efficiency

Cybersecurity Labeling System Coming to IoT Devices in 2023

The Biden administration is implementing a cybersecurity labeling program designed to protect consumers using Internet of Things devices from “significant national security risks.” Beginning in the spring of 2023, IoT smart hardware will begin carrying a “label for products that meet U.S. government standards and are tested by vetted and approved entities,” according to the White House. The program will start with high-risk devices like routers and cameras. To jump-start the initiative, the White House hosted an IoT Cybersecurity Summit attended by national security officials, hardware manufacturers and representatives from consumer product associations. Continue reading Cybersecurity Labeling System Coming to IoT Devices in 2023

Researcher Says TikTok Can Track User Data via Keystrokes

Popular short-form video platform TikTok is garnering more unwanted attention, this time for tracking users’ keystrokes via a the ByteDance-owned video app’s browser. The feature was discovered by privacy researcher Felix Krause, a former Google engineer, who reported the Chinese company embeds the tracking capability within the in-app browser that opens when someone clicks an external link. Krause noted his research is limited to the Apple iOS platform. Krause did not speculate as to how TikTok is using the capability, but suggests he finds it troubling because it indicates TikTok is able to track users’ online activity if it so chooses. Continue reading Researcher Says TikTok Can Track User Data via Keystrokes

Agencies Warn That Hackers Are Targeting Control Systems

The White House has issued a warning about hackers attempting to disrupt the energy grid and other industrial control systems with “a Swiss Army knife” of custom-coded malicious software. A joint bulletin issued by the FBI, NSA, DHS and Energy Department cautioned businesses to be on the lookout for “advanced persistent threat actors,” or APTAs, a commonly used way to describe state-backed hackers. Specific reference was made to devices from Japanese electronics firm Omron and the French firm Schneider Electric, suppliers of industrial automation equipment. Continue reading Agencies Warn That Hackers Are Targeting Control Systems

Researchers Discover Malware on Apps in Google Play Store

Google has removed dozens of apps from the Google Play Store after finding they were harvesting data from millions of Android phones. The spyware creator, Panama’s  Measurement Systems S. de R.L., has been linked with a Virginia defense contractor that has done work for U.S. national-security agencies in the areas of cyberintelligence, network defense and intelligence intercepts. Researchers found the errant code embedded in apps for Muslim prayers, speed-trap detection, QR-code reading and other popular consumer programs that have been downloaded more than 10 million times. Continue reading Researchers Discover Malware on Apps in Google Play Store

Major Security Vulnerability Triggers Worldwide Internet Crisis

The Log4j code vulnerability has the media declaring the Internet in a state of crisis. Log4j is a Java-based logging framework developers use to track user activity within applications on the popular Apache web server. Security experts are rushing to patch the bug, which is being exploited to remotely assume control of vulnerable systems, stealing credentials, installing malware and launching other attacks that permeate consumer devices. Last week, the U.S. Cybersecurity and Infrastructure Security Agency issued a Log4j alert, as did Australia’s CERT emergency response team. Continue reading Major Security Vulnerability Triggers Worldwide Internet Crisis

Pixalate Raises $18.1M to Combat Click Tricks and Ad Fraud

Analytics firm Pixalate has announced $18.1 million in growth capital for connected TV and mobile advertising initiatives. The new round brings total capital raised to $22.7 million for the 9-year-old firm, which specializes in fraud prevention, privacy protection and legal compliance via offices in Santa Monica, Palo Alto and London. The move comes as Pixalate rises to meet the challenges of enterprise clients fending off bot attacks, ad fraud and other malicious threats. Malware incursions by intruders like Puppeteer siphon tens of millions of dollars in annual ad revenue, according to Pixalate. Continue reading Pixalate Raises $18.1M to Combat Click Tricks and Ad Fraud

Google Develops New Security Solutions to Strengthen Cloud

Google is introducing new security solutions for Google Cloud, in addition to expanding availability of its Risk Protection Program. Google Cloud vice president and general manager Sunil Potti explained that the updates are part of a larger vision of “invisible security” within the cloud where silos will “eventually” disappear after all security tech is engineered into it. He added that, “rather than essentially build products that fix problems with other products … you have to hit the reset button and embrace something fundamental.” Continue reading Google Develops New Security Solutions to Strengthen Cloud

New York Is First City to Open a Cyberattack Defense Center

New York City just opened its Cyber Critical Services and Infrastructure (CCSI) Project, a real-time operational center to protect the metropolitan area against cyberattacks. Located in lower Manhattan, the center shares intelligence with 282 partners, including the New York Police Department (NYPD), Amazon, International Business Machines (IBM), the Federal Reserve Bank and several New York healthcare systems. The anti-cybercriminal effort started two years ago but has been entirely virtual until now. Continue reading New York Is First City to Open a Cyberattack Defense Center

Google Expands Workspace Features and Opens to All Users

Google is providing full access to Workspace (formerly G Suite) for its 3+ billion existing users in consumer, enterprise and education markets. Users turn on Google Chat in Gmail to enable the full experience. Although Google Drive and Docs have already been free, Workspace brings features such as smart suggestions in emails and documents. Google is also debuting Google Workspace Individual, a paid version aimed at small business owners, offering “booking services, professional video meetings, personalized email marketing” and more. Continue reading Google Expands Workspace Features and Opens to All Users

U.S. Takes Steps Against Russian and Chinese Cyberattacks

Blaming Russia for attacks that interfered in the 2020 U.S. presidential election, President Biden imposed new sanctions on 32 entities and individuals in that country. Although sanctions will make it more difficult to partake in the global economy, the White House did not immediately limit Russia’s ability to borrow money on the global market. Biden noted he “chose to be proportionate” and “is not looking to kick off a cycle of escalation and conflict with Russia.” The FBI has also recently taken strong steps to stop Chinese hacking. Continue reading U.S. Takes Steps Against Russian and Chinese Cyberattacks

Apple Reveals Platform Security Guide with Info on M1 Chip

Apple unveiled its annual Platform Security Guide, now 200 pages, which provides the first-ever detailed documentation of its new M1 chips. The company is known for being reticent to release much in-depth technical information as part of its “security through obscurity” strategy to fend off hackers. However, this latest edition of the guide offers “significantly expanded information,” including details about the secure enclave and other software features and is designed to enable customers use the technology’s defense attributes. Continue reading Apple Reveals Platform Security Guide with Info on M1 Chip