Federal Reserve Chairman Jerome Powell, who said Wednesday the central bank is assessing the creation of a government-backed digital currency (Photo: Federalreserve via Flickr)

Fed Chair Says Central Bank Evaluating Digital Currency

Dan Gunderman • September 23, 2021

The U.S. Federal Reserve said Wednesday it is continuing to evaluate the creation of a central bank digital currency, or CBDC, and that it intends to publish research on the subject shortly, according to Chair Jerome Powell.

Business Continuity Management / Disaster Recovery

OCC's Hsu Addresses Need for Cryptocurrency Oversight

Latest

Critical Infrastructure Security

Lawmakers Share Huawei Concerns with US State Department

Dan Gunderman • September 23, 2021

Republican lawmakers have expressed additional concerns around Chinese telecom giant Huawei to the nation's top diplomat. In a letter to Secretary of State Antony Blinken, Sen. Tom Cotton and Rep. Mike Gallagher outline Huawei's global cloud services and seek answers on privacy concerns.

Critical Infrastructure Security

Senators Debate Cyber Rules for US Critical Infrastructure

Scott Ferguson • September 23, 2021

As the Senate Homeland Security Committee considers new cyber rules and regulations for U.S. critical infrastructure, lawmakers heard testimony from CISA's Jen Easterly and National Cyber Director Chris Inglis on Thursday in support of these measures, which include updates to FISMA.

3rd Party Risk Management

US DHS, FBI Face Ransomware Questions from Congress

Dan Gunderman • September 22, 2021

U.S. FBI and Department of Homeland Security leaders fielded several cybersecurity questions from House lawmakers Wednesday, particularly around the surge in ransomware attacks, diplomatic efforts to curb ransomware's financial model, and the nation-states that harbor cybercriminals.

Anti-Phishing, DMARC

Microsoft Analyzes Phishing-as-a-Service Operation

Doug Olenick • September 22, 2021

Microsoft Security on Tuesday issued a detailed report on a massive phishing-as-a-service operation named BulletProofLink that offered as a subscription all the tools needed to conduct a campaign. The gang remains operational.

Blockchain & Cryptocurrency

Coinbase Contracts With DHS for Blockchain Analytics

Dan Gunderman • September 21, 2021

U.S.-based cryptocurrency exchange Coinbase has contracted with the U.S. Department of Homeland Security to provide its blockchain monitoring software, according to government tracking sites. The U.S.-based exchange also withdrew plans to launch a crypto lending program amid tensions with the SEC.

Critical Infrastructure Security

Ransomware Reportedly Hits Iowa Farm Services Cooperative

Scott Ferguson , Doug Olenick • September 20, 2021

NEW Cooperative, an Iowa-based farm services cooperative, has reportedly been targeted by the BlackMatter ransomware gang, demanding a $5.9 million payment from the organization, according to security researchers and published reports. The cooperative is working with law enforcement agencies.

Blockchain & Cryptocurrency

Hacker Makes Off With $12 Million in Latest DeFi Breach

Dan Gunderman • September 20, 2021

In the latest security incident involving a decentralized finance protocol, cross-chain project pNetwork announced Sunday it had been hacked for 277 pBTC, a form of wrapped bitcoin, with losses worth over $12 million at current value.

3rd Party Risk Management

US Warns Nation-State Groups May Exploit Flaw in Zoho Tool

Scott Ferguson • September 17, 2021

CISA, the FBI and the U.S. Coast Guard Cyber Command warn users of Zoho Corp.'s single sign-on and password management tool to patch for a vulnerability that nation-state groups may look to exploit. Attackers could use the bug to compromise credentials and exfiltrate data from Active Directory.

Business Continuity Management / Disaster Recovery

Is White House Crackdown on Ransomware Having Any Effect?

Mathew J. Schwartz • September 17, 2021

The latest edition of the ISMG Security Report features an analysis of the state of the Biden administration's efforts to disrupt ransomware attackers, as well as how a newly patched Apple iMessage flaw was being targeted by Pegasus spyware to effect zero-click exploits.

Business Continuity Management / Disaster Recovery

Is Grief's Threat to Wipe Decryption Key Believable?

Doug Olenick • September 16, 2021

Regarding the recent tactical innovation by the Grief ransomware gang that is threatening to wipe a victim's data and decryption key if the victim engages a ransom negotiator, analysts are calling this a desperate ploy to scare a target into paying the ransom demand.

CISO Trainings

Profiles in Leadership: Tim Nedyalkov, Commonwealth Bank

Jeremy Kirk • September 16, 2021

Cloud-based services are affecting governance, risk management and compliance practices in Australia, says Tim Nedyalkov, who is a technology information security officer with Commonwealth Bank. He discusses the differences between how managers and practitioners approach the problems.

Business Continuity Management / Disaster Recovery

House Committees Seek to Spend Millions on Cybersecurity

Scott Ferguson • September 15, 2021

A pair of House committees this week said they want to spend additional millions on cybersecurity by injecting funds into CISA and the FTC, as part of the debate over the Biden administration's $3.5 trillion budget proposal for 2022. Part of the money would help fulfill Biden's executive order.