The FBI warns of a callback phishing scam by the Silent Ransom Group to gain initial access to organizations targeted in a recent ransomware campaign. In callback phishing attacks, threat actors email employees at a target company, demanding payment for a fake account and instructing them to call the gang's call center to resolve the problem. Once the victim calls, the threat actors use social engineering techniques to trick them into installing malware on their computer, granting the group initial access to the target organization.

Cybercriminals have the resources to fake a real-life kidnapping and make it believable, thanks to Artificial Intelligence (AI) and publicly available data. At this year's Black Hat Europe conference, two Trend Micro researchers will discuss the real and emerging new trend of "virtual kidnapping," which may be the most frightening malicious application of AI yet.

Following the theft of millions of user records from the DNA genetic testing company 23andMe, DNA testing and genealogy companies are increasing their efforts to strengthen user account security by enabling two-factor authentication (2FA) by default. Ancestry, MyHeritage, and 23andMe have started notifying customers that 2FA will be enabled by default on their accounts. 2FA requires a user to enter an additional verification code sent to a device they own to confirm that they are the actual account holder logging in.

According to Portal26, companies need help gaining visibility into their Artificial Intelligence (AI) programs' operations. A lack of visibility may reduce productivity and introduce significant risks in governance, data security, and other areas. In the past year, two-thirds of respondents reported a generative AI security or misuse incident. Seventy-three percent have already faced generative AI-related security incidents, with 67 percent occurring in the last year alone.

Singapore's Marina Bay Sands luxury resort has recently revealed that 665,000 of its customers are impacted by a recent data breach.  The incident affects Marina Bay Sands' shopping loyalty program members.  There is no indication to date that the Sands Rewards Club casino rewards program was impacted as well.  The resort is owned by US casino and resort giant Las Vegas Sands.  The company discovered on October 20 that an unauthorized third party had gained access to shopping membership program data on October 19 and 20.

To encourage the critical infrastructure community to focus on bolstering resilience, the Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Emergency Management Agency (FEMA) have launched the new "Shields Ready" campaign. The Shields Ready campaign, spearheaded by CISA and supported by FEMA, will work to ensure the nation's critical infrastructure is better prepared and more resilient against all threats, including cyberattacks.

Cloud monitoring, log management, and SIEM tools provider Sumo Logic recently discovered a security breach and is urging customers to change credentials.  The company revealed on Tuesday that a "potential security incident" found on November 3 involved unauthorized access to a Sumo Logic AWS account through the use of compromised credentials.  The company noted that there is no indication that the company's systems, networks, or customer data have been impacted.

Jupyter infostealer infections have increased, mostly targeting organizations in the education and healthcare sectors. According to a new report from VMware's Carbon Black Threat Analysis Unit, there has been a surge in new incidents involving the malware, which was first discovered in late 2020. The malware enables hackers to steal credentials and exfiltrate data. It has evolved to target Chrome, Edge, and Firefox browsers, and the hackers who use it have also used search engines to trick people into downloading malicious files containing the malware.

MITRE and Microsoft have enhanced MITRE ATLAS (Adversarial Threat Landscape for Artificial Intelligence Systems), a community knowledge base that security professionals, Artificial Intelligence (AI) developers, and AI operators can use in the protection of AI-enabled systems. MITRE ATLAS now focuses more on generative AI vulnerabilities to catalyze secure AI use. This new framework update, as well as the accompanying new case studies, directly address the unique vulnerabilities of systems involving generative AI and Large Language Models (LLMs).

Those responsible for managing software systems must think about third-party software dependencies and risks in new ways and team up with business experts to develop new techniques for identifying and handling potential risks. A Software Bill of Materials (SBOM) can help with these tasks. Carnegie Mellon University Software Engineering Institute (SEI) researchers have highlighted their work on building upon SEI's Acquisition Security Framework for Supply Chain Risk Management (SCRM) and tailoring it for third-party software management. Their work resulted in the SEI SBOM Framework.