US President Joe Biden (Photo: Wikimedia/CC)

Biden Memo Orders Cybersecurity Improvements

Dan Gunderman • January 20, 2022

U.S. President Joe Biden today signed a National Security Memorandum that aims to improve the cybersecurity of national security systems. The memo gives new powers to the NSA to oversee cybersecurity improvements such as the use of the multifactor authentication, encryption and endpoint detection services.

General Data Protection Regulation (GDPR)

Night Sky Ransomware Distributed via Log4j Exploits

Latest

Application Security

Log4Shell Update: VMware Horizon Targeted

Prajeet Nair • January 19, 2022

Attackers have been actively targeting Log4j vulnerabilities, or Log4Shell, vulnerabilities in the servers of virtualization solution VMware Horizon to establish persistent access via web shells, according to an alert by the U.K. National Health Service.

Business Continuity Management / Disaster Recovery

JPMorgan Chase Invests $12 Billion in Security Updates

Devon Warren-Kachelein • January 19, 2022

JPMorgan Chase will earmark $12 billion for technological updates - including cloud migration, upgrading legacy architecture, data strategy, and emerging technologies. About half of this budget will go toward security modernization, while the other half will be invested into digital innovation.

Endpoint Protection Platforms (EPP)

McAfee Enterprise and FireEye Products Rebrand as Trellix

Mathew J. Schwartz • January 19, 2022

Endpoint detection and response software news: The entity formerly known as McAfee Enterprise and FireEye Products has a new name: Trellix. Think of a "security trellis to businesses across the globe, giving them support they need to keep them safe," says CEO Bryan Palma. Will customers and prospects buy in?

Fraud Management & Cybercrime

NSO Group Spyware Reportedly Used by Israeli Police Force

Dan Gunderman • January 18, 2022

Spyware from controversial Israeli firm NSO Group was reportedly used by the nation's civilian police force, according to a new report from an Israeli business publication. Its findings allege that the Israel Police conducted warrantless phone taps on Israeli politicians and activists, among others.

Cyberwarfare / Nation-State Attacks

New Chinese Threat Group Deals in Espionage and Theft

Mihir Bagwe • January 18, 2022

A new threat group linked to China, dubbed "Earth Lusca" by researchers, is not only running cyberespionage campaigns against governments around the globe, but also seeking financial gain.

Cyberwarfare / Nation-State Attacks

EU's Cyber Rapid Response Team on Standby for Ukraine

Prajeet Nair • January 18, 2022

After the defacement of multiple Ukrainian government websites last week and subsequent deployment of destructive malware against Ukraine over the weekend, Lithuanian officials have offered to deploy the EU's Cyber Rapid Response Team to help Ukraine deal with cyberattacks.

Business Email Compromise (BEC)

How 'The Great Resignation' Is Affecting Cybersecurity

Anna Delaney • January 18, 2022

People are leaving their jobs in droves during "The Great Resignation," and the cybersecurity industry is not immune to the trend. Mike Hamilton, the former CISO for the city of Seattle, warns organizations about the opportunities this presents for cybercriminals and outlines how employers can work to retain talent....

Application Security

Destructive Malware Discovered Targeting Ukrainian Systems

Mathew J. Schwartz • January 17, 2022

The defacement of Ukrainian government websites may have been intended as a smokescreen for a destructive malware attack that failed to execute or has yet to be unleashed, some security experts warn. Ukraine continues to investigate the attack, which it suggests may trace to Russia, Belarus or both.

Cybercrime

Russia Charges 8 REvil Ransomware Suspects After Raids

Mathew J. Schwartz • January 17, 2022

Russian authorities have charged eight individuals with crimes tied to the REvil ransomware operation, after raiding 25 properties and detaining 14 suspects, thanks in part to U.S.-shared intelligence. The White House says one of the suspects was also responsible for last year's attack on Colonial Pipeline.

Blockchain & Cryptocurrency

OCC Chief Calls for Collaboration in Crypto Regulations

Devon Warren-Kachelein • January 15, 2022

With 16% of U.S. citizens using a cryptocurrency trading platform, OCC acting Chief Michael Hsu urges collaborative efforts to pass cryptocurrency regulations, which he says could lead to greater innovation in the space.

Governance & Risk Management

FCC Proposes Stricter Telecom Breach Notification Measures

Dan Gunderman • January 14, 2022

The FCC is considering changes to its breach notification requirements for telecommunication companies. FCC Chairwoman Jessica Rosenworcel confirmed in a statement this week that the agency is strengthening its rules for both customer and federal law enforcement notification of breaches involving customer proprietary...

Application Security

ISMG Editors: Is 2022 the Year of the SBOM?

Anna Delaney • January 14, 2022

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of incident repose planning; the worldwide impact of the LOg4j flaw, which may lead to 2022 being the year of the SBOM; and the increasingly blurred line between conventional...