April 19, 2024 at 09:48AM
SecurityWeek’s cybersecurity news roundup offers a curated selection of significant developments, including incidents of backdooring attempts, increased funding for cybersecurity startups, and vulnerabilities in the AI/ML supply chain. Additionally, it reports on legislative developments, cybercriminal activities targeting the automotive industry, and a Moldovan botnet operator’s indictment in the US.
Here are the key takeaways from this week’s cybersecurity news roundup:
1. OpenSSF and OpenJS Foundations reported potential backdooring attempts, similar to the XZ backdoor incident, in which the individuals behind the attempts requested to be designated as project maintainers.
2. Cybersecurity startups raised a significant amount of funding, with an increase in big funding rounds.
3. A vulnerability in the AI supply chain could allow for supply chain attacks via Lambda Layers in third-party TensorFlow-based Keras models.
4. HackerOne requested the DOJ to expand good-faith security research protections to include AI artifacts, as AI researchers may be vulnerable to criminal liability.
5. Protect AI published its April 2024 Vulnerability Report, detailing a significant increase in vulnerabilities in the OSS AI/ML supply chain.
6. The House passed a bill requiring a warrant for government acquisition of data from third parties.
7. LLM agents demonstrated the capability to autonomously exploit vulnerabilities in real-world systems.
8. The FIN7 cybercrime group targeted a US automotive industry company using spear-phishing.
9. Moldovan national Alexander Lefterov has been indicted in the US for his alleged role in a cybercrime operation involving a botnet and remains at large.
These summaries provide a comprehensive overview of the notable cybersecurity developments from this week’s news.