Friday Five: New Cyber Guidelines and Legislation, Cybercriminal Activity, & Malware Targeting macOS

SENATE COMMITTEE ADVANCES OPEN SOURCE SOFTWARE AND DIGITAL IDENTITY BILLS BY CHRIS RIOTTA

The Senate Homeland Security and Governmental Affairs Committee advanced a series of bills this past week that aim to improve government operations around data management, digital identity, and securing critical infrastructure from cyber attacks. The advanced bills include the Securing Open Source Software Act of 2023, the National Risk Management Act of 2023, the Improving Digital Identity Act of 2023, the Federal Data Center Enhancement Act of 2023, and others. Read more on what this legislation could accomplish once made into law in the full story from Chris Riotta.

Read more

EXECUTIVE ORDER SETS UP GUARDRAILS FOR US USE OF COMMERCIAL SPYWARE BY TONYA RILEY

President Biden signed an executive order on Monday that prohibits U.S. government agencies from using commercial spyware that presents a national security risk to the United States. Such spyware has been said to have targeted at least 50 U.S. personnel in ten countries across several continents. Rather than providing an outright ban on U.S. agencies using spyware, however, the executive order seeks to prevent the use of products deemed unacceptable by the U.S. government, while keeping the door open to the use of other commercial surveillance products.

Read more

FAKE DDOS SERVICES SET UP TO TRAP CYBERCRIMINALS BY CHRISTOPHER BOYD

According to a recent announcement by the UK's National Crime Agency (NCA), the agency has disrupted the online criminal marketplace by setting up a number of trap sites purporting to offer DDoS-for-hire services. While an unsuspecting cybercriminal may assume that they're setting up an account to access DDoS tools, in reality, they'll be redirected to a splash page warning them that their data has been collected and they will be contacted by law enforcement. Read more about how this tactic is connected to Operation Power Off and how the goal of the tactic is to deter inexperienced cybercriminals.

Read more

NORTH KOREA'S KIMSUKY EVOLVES INTO FULL-FLEDGED, PROLIFIC APT43 BY ELIZABETH MONTALBANO

Cybercriminal group Kimsuky--otherwise known as APT43 and Thallium--have recently carried out "unusually aggressive" social-engineering attacks aimed at gathering intelligence from American, South Korean, and Japanese targets, along with stealing and laundering cryptocurrency to support the North Korean government. Researchers at Mandiant have found that the group has graduated from mere cyber espionage to stealing cryptocurrency to fund their own operations and the regime of Kim Jong-un. Read more about Kimusky's new tactics and who they're targeting in the full story from Elizabeth Montalbano.

Read more

NEW MACSTEALER MACOS MALWARE STEALS PASSWORDS FROM ICLOUD KEYCHAIN BY BILL TOULAS

A new info-stealing malware-as-a-service (MaaS) dubbed 'MacStealer' is targeting Mac users, stealing their credentials stored in the iCloud KeyChain and web browsers, cryptocurrency wallets, and potentially sensitive files. While the seller claims the malware is still in an early beta development phase and offers no panels or builders, it instead sells pre-built DMG payloads that can infect macOS Catalina, Big Sur, Monterey, and Ventura. Upon the victim providing their system's password after being given a fake password prompt, a command allows the malware to collect passwords from the compromised device.

Read more