Security News

US president Joe Biden on Monday issued an Executive Order on Prohibition on Use by the United States Government of Commercial Spyware that Poses Risks to National Security - a title that is not quite as simple it seems. The Order and explanatory statement point out that commercial spyware has been used by authoritarian regimes to target activists and journalists, has been deployed without proper authority in democracies, and poses a security risk to the US and other nations.

The New York Times is reporting that a US citizen's phone was hacked by the Predator spyware. A U.S. and Greek national who worked on Meta's security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful cyberespionage tool, according to documents obtained by The New York Times and officials with knowledge of the case.

Multiple criminals, including at least potentially one nation-state group, broke into a US federal government agency's Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution. "Analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a.NET deserialization vulnerability in Progress Telerik user interface for ASP.NET AJAX, located in the agency's Microsoft Internet Information Services web server," the joint advisory said.

A threat actor is selling on a Russian-speaking hacking forum what they claim to be hundreds of gigabytes of data allegedly stolen from U.S. Marshals Service servers. The announcement, titled "350 GB from US Marshal Service law enforcement confidential information," was added earlier today using an account registered yesterday afternoon.

Last year, a U.S. federal agency's Microsoft Internet Information Services web server was hacked by exploiting a critical. According to a joint advisory issued today by CISA, the FBI, and MS-ISAC, the attackers had access to the server between November 2022 and early January 2023 based on indicators of compromise found on the unnamed federal civilian executive branch agency's network.

The US Attorney's Office for the district alleged Sagar Steven Singh and Nicholas Ceraolo had not only blackmailed victims using their personal info by threatening to post it on a public-facing website, but they also made "Emergency requests" to social media companies asking for information about users. It might interest readers to know that Twitter, for example, had 11,500 requests for information on 28,000 accounts worldwide from government and law enforcement officials from July to December 2021.

According to the Monetary Authority of Singapore, trade barriers between US and China have resulted in geoeconomic fragmentation and will likely result in slower global growth and higher inflation. Speaking at the at the IMAS-Bloomberg Investment Conference on Thursday, MAS managing director Ravi Menon said tensions between the US and China have not only affected the two countries, but global trade patterns and supply chains as well.

Health data and other personal information of members of Congress and staff were stolen during a breach of servers run by DC Health Care Link and are now up for sale on the dark web. Szpindor called the incident "a significant data breach" that exposed the personal identifiable information of thousands of DC Health Link employees and warned the Representatives that their data may have been compromised.

The Environmental Protection Agency is outlining steps public water systems officials need to take to protect drinking water supplies, and mandating cybersecurity assessments in their 'sanitary surveys' of the water systems. Security software maker Tripwire said in a September 2022 report that many of the water systems in the country "Are small, serving low-density communities and functioning on limited budgets. The fragmented nature of water utility coverage coupled with low budgets and limited technological expertise means many systems are outdated and under-protected."

The National Cybersecurity Strategy was unveiled today by the Biden-Harris Administration.The Strategy recognizes that government must use all tools of national power in a coordinated manner to protect national security, public safety, and economic prosperity.