Security News

NASA infosec again falls short of required US government standard
2022-12-21 14:00

The NASA Office of Inspector General has published its annual audit of the aerospace agency's infosec capabilities and practices, which earned an overall rating of "Not Effective." We could go on, but you get the idea: NASA infosec isn't great.

US adds 36 Chinese entities to naughty list, drops 25 after checking it twice
2022-12-16 05:14

The United States Department of Commerce has added 36 Chinese companies or subsidiaries to its list of companies that cannot import certain US technologies without a license, citing national security, foreign policy interests, and the possibility that some might help already banned companies to evade restrictions. YMTC is already listed on the Department's Unverified List and is therefore unable to procure some US wafer fab equipment and other US-made technologies.

Seven smuggled US military tech for Moscow, say Feds
2022-12-14 22:30

The US Department of Justice unsealed a 16-count indictment today accusing five Russians, an American citizen, and a lawful permanent US resident of smuggling export-controlled electronics and military ammunition out of the United States for the Russian government. Alexey Brayman, the lawful permanent US resident, and Vadim Yermolenko, the US citizen, were both apprehended in the United States.

EU takes another step towards US data-sharing agreement
2022-12-14 15:54

Under a US Executive Order signed by President Biden on 7 October 2022, along with the regulations issued by US Attorney General Merrick Garland, it was agreed that access to personal data from Europe by US intelligence agencies would be limited to what is necessary and proportionate to protect national security. Under the Cloud Act, US law enforcement authorities can request personal data from US-based technology companies, regardless of the data's location, and this has been one of the key reasons data sharing with America is viewed as potentially not complying with EU privacy rules.

TrueBot malware delivery evolves, now infects businesses in the US and elsewhere
2022-12-12 16:50

According to Cisco Talos, TrueBot malware now collects Active Directory information, which means it targets businesses with larger IT resources. In addition to targeting larger organizations, the malware is experimenting with new delivery methods: Netwrix Auditor bundled with the Raspberry Robin malware.

US Health Dept warns of Royal Ransomware targeting healthcare
2022-12-08 22:40

The U.S. Department of Health and Human Services issued a new warning today for the country's healthcare organizations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang. The Health Sector Cybersecurity Coordination Center (HHS' security team) revealed in a new analyst note published Wednesday that the ransomware group has been behind multiple attacks against U.S. healthcare orgs.

Suspects arrested for hacking US networks to steal employee data
2022-12-06 19:18

Four men suspected of hacking into US networks to steal employee data for identity theft and the filing of fraudulent US tax returns have been arrested in London, UK, and Malmo, Sweden, at the request of U.S. law enforcement authorities. The suspects identified in four recently unsealed U.S. indictments are Akinola Taylor, Olayemi Adafin, Olakunle Oyebanjo, and Kazeem Olanrewaju Runsewe.

US Air Force reveals B-21 Raider stealth bomber that'll fly the unfriendly skies
2022-12-03 02:58

In Palmdale, California on Friday, Northrop Grumman CEO Kathy Warden revealed a US Air Force warplane that had only been shown in artist renderings and is supposed to be seldom seen, the B-21 Raider. "With this aircraft, we're delivering the next generation of stealth technology designed for the US Air Force to meet its most complex missions."

TikTok “Invisible Challenge” porn malware puts us all at risk
2022-11-29 19:58

Researchers at secure coding company Checkmarx have warned of porn-themed malware that's been attracting and attacking sleazy internet users in droves. The scam in this case claims to offer software that can reverse the effects of TikTok's Invisible filter, which is a visual effect that works a bit like the green screen or background filter that everyone seems to use these days in Zoom calls.

US bans sales of Huawei, Hikvision, ZTE, and Dahua equipment
2022-11-28 14:18

The United States government, through the Federal Communications Commission, has banned the sale of equipment from Chinese telecommunications and video surveillance vendors Huawei, ZTE, Hytera, Hikvision, and Dahua due to "Unacceptable risks to national security". "The Federal Communications Commission adopted new rules prohibiting communications equipment deemed to pose an unacceptable risk to national security from being authorized for importation or sale in the United States," reads the press release from the FCC. "These new rules are an important part of our ongoing actions to protect the American people from national security threats involving telecommunications," commented Chairwoman J. Rosenworcel.