Here are the articles getting our attention:
 

• Introducing the Coalition for Secure AI (CoSAI) and founding member organizations

Google has launched the Coalition for Secure AI (CoSAI) to address AI security risks. CoSAI, which includes members like Amazon, Microsoft, and OpenAI, focuses on software supply chain security, preparing defenders for cybersecurity challenges, and AI security governance. This initiative, hosted by OASIS Open, aims to develop industry standards, frameworks, and best practices to ensure secure AI deployment. CoSAI will collaborate with various organizations to advance responsible AI and prioritize transparency and ethical practices in AI development.

• TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks

TAG-100, tracked by Recorded Future's Insikt Group, is using open-source tools in a suspected cyber espionage campaign targeting global government and private organizations. Since February 2024, TAG-100 has compromised entities in at least ten countries, including the U.K., U.S., and Taiwan. The group exploits known security flaws in internet-facing products and uses tools like Pantegana and Spark RAT post-exploitation. Their focus on internet-facing appliances reduces detection risk, highlighting the need for stronger security measures. This campaign highlights the use of proof-of-concept exploits and open-source programs, complicating attribution and evasion. The group's focus on internet-facing appliances reduces detection risk post-exploitation, emphasizing the need for enhanced security measures.

• Notorious FIN7 hackers sell EDR killer to other threat actors

The FIN7 hacking group, suspected to be Russian and active since 2013, has been found selling its custom "AvNeutralizer" tool. This tool disables enterprise endpoint protection software, facilitating undetected cyber intrusions. Initially focused on financial fraud, FIN7 later engaged in ransomware, linking with DarkSide, BlackMatter, and BlackCat ransomware operations. They have also used sophisticated phishing and custom malware to breach corporate networks. Researchers from SentinelOne identified "AvNeutralizer" being used by multiple ransomware operations since 2022, indicating its widespread distribution. FIN7's continuous innovation and tool updates pose significant threats to global enterprises. Their operations complicate attribution due to their use of multiple aliases and collaboration with other cybercriminals.

• North Korean Hackers Update BeaverTail Malware to Target MacOS Users

North Korean hackers have updated their BeaverTail malware to target macOS users, distributing it through a fake video call service named "MiroTalk.dmg." The malware, originally identified in 2023, steals sensitive information from web browsers and cryptocurrency wallets and can deliver additional payloads. This updated variant highlights the hackers' continued focus on sophisticated social engineering and their ability to bypass security measures. The group's activities pose significant threats to enterprises worldwide, emphasizing the need for robust cybersecurity defenses.

• Crypto experts, law enforcement shut down network stealing billions through ‘approval phishing’

Cryptocurrency experts and law enforcement from six countries collaborated to dismantle networks responsible for over $1 billion in "approval phishing" scams. Operation Spincaster, involving 17 crypto exchanges and 12 public sector agencies, aimed to disrupt these scams by training officers to identify compromised wallets and trace stolen funds. This effort, starting in Canada and expanding globally, led to numerous account closures, fund seizures, and prevented further victimization. The operation underscores the importance of international cooperation in combating sophisticated cryptocurrency fraud schemes.