Security News

United States President Joe Biden has revealed "Evolving intelligence that the Russian Government is exploring options for potential cyber attacks" and that the risks posed to critical infrastructure are so significant that hundreds of US organizations have been given classified briefings on the matter. Biden nonetheless urged the private sector to get its cyber security house in order - ASAP. We're seeing potential cyberattacks on critical infrastructure.

FBI warns of cyberattacks using AvosLocker ransomware. The FBI and US Treasury are advising organizations to beware of a specific strain of ransomware aimed at critical infrastructure sectors in the United States.

Israel's Nation Cyber Directorate confirmed in a tweet on Monday that a denial-of-service attack against a telecommunications provider took down several government sites, as well as others not affiliated with the government. Internet tracker NetBlocks reported that the attacks were launched against Israeli telecom providers Bezeq and Cellcom.

As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471. The attacks mark an increase of 110 and 129 attacks from the third and second quarters of 2021, respectively.

As Russian ground forces closed in on key Ukrainian cities including capital Kyiv, and airstrikes hit military bases near the western city of Lviv, the expected cyber-onslaught by Russia has largely failed to become reality. Until last week, when it emerged that Western spy agencies were investigating a large-scale satellite broadband outage affecting satellite communications provider Viasat, which began on 24 February - the day Russia invaded Ukraine.

Palo Alto Networks has rolled out a new supply chain security system that the cybersecurity vendor claims can identify vulnerabilities and misconfigurations across the lifecycle of cloud native applications. It's called Prisma Cloud Supply Chain Security, and it scans for any issues in code - such as version control system and CI pipeline misconfigs - across open-source packages, infrastructure-as-code files and delivery pipelines, according to the security shop.

Revenge and inflation are key drivers behind an 800 percent increase in cyberattacks seen by a managed services provider since the days before the onset of Russia's invasion of Ukraine last month, according to the company's top executive. The attacks are coming not only from groups inside of Russia but also from within the region as well from Russia allies like North Korea and Iran, historically sources of global cyber-threats, Emil Sayegh, president and CEO of Ntirety, an MSP that focuses on security, told The Register.

Anime giant Toei suffered a weekend cyberattack causing delays in airing new episodes of popular anime series, including ONE PIECE and Delicious Party Precure. According to the announcement by both Toei and ONE PIECE, the anime studio detected unauthorized access to their systems on Mach 6th, 2022.

A new rule proposed by the US Securities and Exchange Commission would force public companies to disclose cyberattacks within four days along with periodic reports about their cyber-risk management plans. Specifically, the proposed rule would amend the Form 8-K reporting requirements to include cybersecurity incident disclosure "Within four business days after the registrant determines that it has experienced a material cybersecurity incident." The 8-K is the form that the SEC requires public companies file to publicly announce corporate changes or big events that may be material to shareholders.

Enterprises need to create a more strategic alliance between their application security and cybersecurity teams if they are going to better protect themselves against cyberthreats. Appsec team members tend to be developers and quality assurance pros creating internal applications used within the organization or exposed publicly or privately to customers, while cybersecurity teams' jobs include penetration testing and responding to incidents, he said.