SecurityWeek
K-12 Schools Improve Protection Against Online Attacks, but Many Are Vulnerable to Ransomware Gangs
K-12 schools improve protection against cyberattacks, but many are still vulnerable to ransomware gangs, says Biden administration
Infosecurity News
US, Japan and South Korea Unite to Counter North Korean Cyber Activiti
The consultative body aims to tackle cyber-attacks used to fund Pyongyang’s weapons development, including its nuclear program
CyberSecurity Dive
Countries pledge to not pay ransoms, but experts question impact
There is no mandate to ban governments or businesses from paying ransom demands, but the pledge could be a step toward that outcome.
Infosecurity News
Forty Countries Agree Not to Pay Cybercrime Ransoms
Initiative announced at International Counter Ransomware Initiative
Bleeping Computer
Dozens of countries will pledge to stop paying ransomware gangs
An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups.
The Record
White House hosts Counter Ransomware Initiative summit, with a focus on not paying hackers
The White House is convening representatives from dozens of countries to announce new measures aimed at combatting ransomware threats.
The Record
Neuberger: New global initiatives will include information sharing, ransomware payment tracking
A global coalition of government cybersecurity leaders will announce efforts to boost information sharing about digital threats and take on nefarious cryptocurrency payments when they convene in Washington next week, a senior White House official said on Tuesday.
The Record
Cybersecurity regulations for passenger and freight railroads renewed by TSA
“The renewal is the right thing to do to keep the nation’s railroad systems secure against cyber threats, and these updates sustain the strong cybersecurity measures already in place for the railroad industry,” TSA Administrator David Pekoske said.
The Hacker News
Microsoft Warns of North Korean Attacks Exploiting JetBrains TeamCity Flaw
North Korean threat actors known as Diamond Sleet and Onyx Sleet are exploiting a critical security flaw in JetBrains TeamCity to breach servers.
CyberSecurity Dive
Most CISOs confront ransomware — and pay ransoms
The number of ransomware attacks organizations face has a direct correlation with the frequency with which ransoms are paid.
The Record
DHS to host Latin American cyber summit as region faces an onslaught of digital attacks
The U.S.Homeland Security Department this week will convene the first-of-its-kind cybersecurity summit with leaders from Latin America, which has increasingly become a hotbed for criminal digital activity and influence efforts by China.
The Record
Lawmaker slams White House refusal to create plan for economy after potential cyberattack
Rep. Andrew Garbarino, chairman of a House cybersecurity subcommittee, says it's "scary" that the Biden administration won't produce a "COTE" plan specifically for a cyberattack. The White House argues that such plans already exist elsewhere.
CyberSecurity Dive
White House mulls rating system to boost cybersecurity for critical infrastructure
Anne Neuberger, deputy national security advisor for cyber, told the Billington Cybersecurity Summit that a new ransomware summit is set and updated a consumer labeling push for IoT.
CyberSecurity Dive
3 best practices from the White House K-12 cybersecurity summit
School leaders must take prevention seriously and know who to call when an attack happens, government officials and educators said.
The Record
Largest switching and terminal railroad in US investigating ransomware data theft
The Belt Railway of Chicago says a cyber incident has not affected its operations. A known ransomware group added the company to its leak site.
The Record
CISA Director: US has lessons to learn about anticipating threats, disruption
Jen Easterly said at the Black Hat conference that Ukraine provides examples for the U.S. about how to handle large-scale cyberthreats.
SecurityWeek
White House Offers Prize Money for Hacker-Thwarting AI
The White House launched a competition for creating new artificial intelligence systems that can defend critical software from hackers.
CyberSecurity Dive
White House launches AI cyber competition to fix software vulnerabilities
In partnership with OpenAI, Anthropic, Google and Microsoft, participants will have access to top AI companies’ technology for designing new cybersecurity solutions.
The Record
White House to roll out array of cyber initiatives to bolster K-12 defenses
The Biden administration on Monday will announce a host of federal and private industry initiatives to strengthen the digital defenses of K-12 schools as educators across the country scramble for resources to fight a rising tide of cyberattacks.
CyberScoop
Deputy National Security Advisor Anne Neuberger on addressing the security threats of AI
The deputy national security adviser for cyber and emerging technologies discusses how to mitigate AI's disinformation threat.
CyberScoop
FBI warns of broad AI threats facing tech companies and the public
The bureau warned that hackers will target tech companies, researchers and academics working on artificial intelligence advancements.
CyberSecurity Dive
US government plays catchup on phishing-resistant MFA
Security tools have evolved to include more accessible protocols that meet stringent authentication requirements. The government wants to embrace that.
The Record
Cyber assistance bills for agriculture sector gain bipartisan attention in Senate
The Food and Agriculture Industry Cybersecurity Support Act and the Cybersecurity for Rural Water Systems Act are aimed at making cybersecurity easier for the sector.
The Record
Biden’s Cyber Command and NSA nominee seen as a pick for continuity
Lt. Gen. Timothy Haugh has a long history with cyber operations in the Air Force and at Cyber Command. Insiders say he has what it takes to follow Gen. Paul Nakasone atop CYBERCOM and the NSA.
CyberSecurity Dive
Acting National Cyber Director downplays reports of interagency strife
There’s been no sign of tension between U.S. cybersecurity officials during Kemba Walden’s tenure, at least from her perspective.
CSO
3CX hack highlights risk of cascading software supply-chain compromises
The attack that injected malicious code into the company's software appears to have been enabled by another compromised application.
The Record
EPA takes steps to address cybersecurity weaknesses at water utilities
The EPA is now asking states to include cybersecurity in its audits of public water systems to address attacks on the industry.
CyberSecurity Dive
EPA unveils cybersecurity oversight for public drinking water systems
An agency memorandum marks the first new initiative on critical infrastructure since the White House released its national cyber strategy.
CSO
White House releases an ambitious National Cybersecurity Strategy
The Biden administration's National Cybersecurity Strategy calls for more regulation on critical infrastructure providers and holds software providers accountable for their insecure products.
The Record
National Cyber Strategy to push mandatory regulations, more offensive cyber action
The White House unveiled its National Cybersecurity Strategy on Thursday, calling for more regulations and offensive cyber action.
CyberSecurity Dive
White House releases national cyber strategy, shifting security burden
The long-anticipated policy will push the technology industry to shoulder more of the load for cyber risk, while promoting long-term investments and global cooperation against common threats.
CyberScoop
'No guns, no guards, no gates.' NSA opens up to outsiders in fight for cybersecurity
The National Security Agency's Cybersecurity Collaboration Center is trying to improve threat-sharing with private sector partners.
Ars Technica
How North Korea became a mastermind of crypto cybercrime
Cryptocurrency theft has become one of the regime’s main sources of revenue.
CyberScoop
White House cyber official advocates nimbler NATO to confront digital threats
White House official Anne Neuberger met with NATO officials in Rome to help craft plans to more rapidly respond to cyberthreats.
Security Affairs
Water sector in the US and Israel still unprepared to defeat cyber attacks
Expert warns that the US and Israel are still unprepared to defeat a cyber attack against organizations in the water sector. Ariel Stern, a former Israeli Air Force captain, warns that the US and Israel are still unprepared to defeat a cyber attack against the water sector that could be orchestrated by enemy states like […]
CyberSecurity Dive
White House convenes dozens of countries to fight ransomware
The second international summit follows a series of high profile attacks against CommonSpirit Health and the Los Angeles Unified School District.
CyberSecurity Dive
White House to raise cyber standards for healthcare, water and emergency communications
CISA will also roll out minimum security standards by late October that can apply to organizations across sectors.
CyberSecurity Dive
White House to roll out Energy Star-like ratings for IoT
The labeling plan is part of a long-sought effort to boost security and transparency in commonly used technology products.
CyberSecurity Dive
Ransom demand escalates fallout from Los Angeles schools cyberattack
The Los Angeles school district hasn’t responded to the demand, following the advice of federal authorities. The stakes are high as sensitive data may hang in the balance.
CyberSecurity Dive
US government rejects ransom payment ban to spur disclosure
Federal authorities strongly discourage organizations from paying ransoms, but Anne Neuberger of the National Security Council explains why it decided against a ban.
The Record
Senate committee advances Fick nomination as State Department’s top cyber diplomat
The Senate Foreign Relations Committee on Wednesday advanced President Joe Biden’s pick to be the country’s first cyber ambassador in a bipartisan voice vote.
CyberScoop
White House to give aviation executives classified cyberthreat briefing, latest in series of industry meetings
The meeting will follow an Aug. 4 briefing with railroad executives to discuss industry responses to critical infrastructure cybersecurity.
CyberScoop
The Pentagon may require vendors certify their software is free of known flaws. Experts are split.
The debate is over whether the provision is unrealistic or if it's a game changing move to cut down on software vulnerabilities.
CyberScoop
Giving water sanitation inspectors cybersecurity oversight is a mistake, say industry groups, experts
The water sector is seen as among the nation's most vulnerable critical infrastructure to cyberattack after attacks in Florida and California.
CyberScoop
Saudi Arabia a critical partner in fighting cyberthreats, White House cyber official says
The kingdom is a vital partner to ensure the U.S. can block Chinese telecom giant Huawei from dominating networks in the Mideast and Africa.
The Record
Top White House cyber official says Congress should push for digital security mandates
A senior White House official on Thursday said Congress could do more to set basic cybersecurity standards for critical infrastructure sectors to better protect them against digital threats.
The Record
NSA, Cyber Command tap new election security leaders
The Election Security Group will play a central role in keeping the 2022 midterm elections free of foreign interference.
The Record
Viasat confirms report of wiper malware used in Ukraine cyberattack
Satellite communications company Viasat said its own research is consistent with a new report from a cybersecurity firm that a February attack on their infrastructure in Ukraine involved the use of a new malware named “AcidRain.”
SecurityWeek
FBI Sees Growing Russian Hacker Interest in US Energy Firms
An FBI advisory says Russian hackers have scanned at least five energy companies for vulnerabilities and at least 18 other companies in sectors including the defense industrial base and financial services
Bleeping Computer
White House shares checklist to counter Russian cyberattacks
The White House is urging U.S. organizations to shore up their cybersecurity defenses after new intelligence suggests that Russia is preparing to conduct cyberattacks in the near future.
ThreatPost
Russia Lays Groundwork for Cyberattacks on U.S. Infrastructure
"Evolving intelligence" shows Russia amping up for cyber-war in response to Ukraine-related sanctions, the White House said — but researchers warn that many orgs are not prepared.
The Record
U.K. echoes Biden warning on Russian cyberattacks
The United Kingdom’s top cyber authority on Tuesday backed the Biden administration’s call for vigilance and beefed up security against potential Russian digital attacks as Moscow’s invasion of Ukraine grinds to a stalemate.
SecurityWeek
Biden Warns US Companies of Potential Russian Cyberattacks
President Joe Biden warned U.S. companies of “evolving intelligence” that Russia is considering launching cyberattacks against critical infrastructure targets as the war in Ukraine continues
Ars Technica
White House warns of possible Russian cyberstrike on US critical infrastructure
There's no evidence now of specific attacks planned, but evolving intel is concerning.
CyberScoop
White House issues call to action in light of new intelligence on Russian cyberthreat
Russia has taken "preparatory actions" including probing websites for vulnerabilities, presidential adviser Anne Neuberger said.
The Record
White House renews concerns about Russian cyberattacks based on ‘evolving intelligence'
President Joe Biden on Monday warned that "evolving intelligence" suggests Russia is “exploring options for potential cyberattacks" in response to the economic punishments the U.S. and other countries have inflicted on Moscow over its invasion of Ukraine.
CyberSecurity Dive
White House warns US of possible Russian cyberattack linked to Ukraine invasion
The broad warnings come after federal authorities convened more than 100 critical infrastructure organizations to share classified cyberthreat information.
ThreatPost
Reporting Mandates to Clear Up Feds’ Hazy Look into Threat Landscape – Podcast
It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill. As it is, visibility into adversary behavior has been muck.
The Record
Haines names policy veteran as intel community’s new CIO
Director of National Intelligence Avril Haines on Monday announced a longtime cyber policy expert as the clandestine community’s new chief information officer.
CyberSecurity Dive
New wiper, worm attacks emerge in Ukraine targeting government and industry
Researchers say the attacks were planned for months.
The Record
Pentagon CIO on the future of DoD's cybersecurity
Changing jobs paid off for John Sherman. In June 2020, Sherman — a 20-year-plus veteran of the U.S. intelligence community and at the time its chief information officer — left to become the principal deputy CIO at the Pentagon.
ZDNet
Ukrainian gov't sites, banks disrupted by DDoS amid invasion fears | ZDNet
Cloudflare said the attack was "relatively modest compared to large DDoS attacks we've handled in the past."
Bleeping Computer
Ukrainian government and banks once again hit by DDoS attacks
The sites of several Ukrainian government agencies (including the Ministries of Foreign Affairs, Defense, and Internal Affairs, the Security Service, and the Cabinet of Ministers), and of the two largest state-owned banks are again targeted by Distributed Denial-of-Service (DDoS) attacks.
Infosecurity News
UK Defense Secretary Warns Russia of Offensive Cyber Capabilities
Britain ready to hit back if attacked, says Wallace
Security Affairs
White House and UK Gov attribute DDoS attacks on Ukraine to Russia’s GRU
The White House has linked the recent DDoS attacks against Ukraine ‘s banks and defense agencies to Russia’s GRU. The White House has linked the recent DDoS attacks that took offline the sites of banks and defense agencies of Ukraine to Russia’s Main Directorate of the General Staff of the Armed Forces (aka GRU). This […]
Bleeping Computer
White House pins Ukraine DDoS attacks on Russian GRU hackers
Today, the White House has linked the recent DDoS attacks that knocked down the sites of Ukrainian banks and defense agencies to Russia's Main Directorate of the General Staff of the Armed Forces (also known as GRU).
SecurityWeek
White House Accuses Russia of Cyberattacks Targeting Ukraine
The White House accused Russia of being responsible for recent cyberattacks targeting Ukraine’s defense ministry and major banks.
The Record
White House blames Russia for latest digital attacks on Ukraine
A senior White House official on Friday blamed Russia’s military intelligence agency for flooding the websites of Ukrainian defense agencies and banks with phony traffic earlier this week, which briefly knocked them offline and ratcheted up fears of an invasion by Moscow.
CyberSecurity Dive
US links Russia to Ukraine DDoS attacks
Administration officials said there are no specific or credible cyberthreats to the U.S., but private sector organizations should report unusual activity.
The Record
Senate lawmakers try again on cyber incident reporting legislation
The leaders of the Senate Homeland Security Committee on Tuesday introduced a legislative package meant to boost U.S. cybersecurity, warning a possible Russian invasion of Ukraine could result in cyberattacks against the U.S. by Moscow or its proxies.
Trend Micro
This Week in Security News - February 4th, 2022
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. Learn about the Samba vulnerability discovered by Trend Micro the White House’s warning of Russian hacks as tensions with Ukraine grow.
ZDNet
White House, EPA release 100-day cybersecurity plan for water utility operators | ZDNet
CISA Director Jen Easterly said over the past year, they have seen several cyber threats targeting water systems.
Bleeping Computer
White House reminds tech giants open source is a national security issue
The White House wants government and private sector organizations to rally their efforts and resources to secure open-source software and its supply chain after the Log4J vulnerabilities exposed critical infrastructure to threat actors' attacks.
ZDNet
Log4j: Google and IBM call for list of critical open source projects | ZDNet
After attending a meeting at the White House, Google also proposed creating an organization to serve as a marketplace for open source maintenance.
ZDNet
After Log4J, White House worries about the next big open source flaw | ZDNet
The White House is holding a meeting today with tech leaders to discuss Log4J and other potential flaws.