In Other News: OSS Backdooring Attempts, Botnet Operator Charged, Automotive Firm Attack

April 19, 2024 at 09:48AM

SecurityWeek’s cybersecurity news roundup offers a curated selection of significant developments, including backdooring attempts against open source projects, increased funding for cybersecurity startups, and vulnerabilities in the AI/ML supply chain. It also reports on legislative developments, cybercriminal activity targeting the automotive industry, and the US indictment of a Moldovan botnet operator.

Key takeaways from this week’s cybersecurity news roundup:

1. The OpenSSF and OpenJS Foundations reported potential backdooring attempts, similar to the XZ backdoor incident, in which the senders asked to be designated as project maintainers.

2. Cybersecurity startups raised a significant amount of funding, with an increase in big funding rounds.

3. A vulnerability in the AI supply chain could allow supply chain attacks via Lambda Layers in third-party TensorFlow-based Keras models.

4. HackerOne asked the DOJ to expand good-faith security research protections to include AI artifacts, as AI researchers may be vulnerable to criminal liability.

5. Protect AI published its April 2024 Vulnerability Report, detailing a significant increase in vulnerabilities in the OSS AI/ML supply chain.

6. The House passed a bill requiring a warrant for government acquisition of data from third parties.

7. LLM agents demonstrated the capability to autonomously exploit vulnerabilities in real-world systems.

8. The FIN7 cybercrime group targeted a US automotive industry company using spear-phishing.

9. Moldovan national Alexander Lefterov has been indicted in the US for his alleged role in a cybercrime operation involving a botnet and remains at large.

These summaries provide a comprehensive overview of the notable cybersecurity developments from this week’s news.
