Security News

A threat actor is selling on a Russian-speaking hacking forum what they claim to be hundreds of gigabytes of data allegedly stolen from U.S. Marshals Service servers. The announcement, titled "350 GB from US Marshal Service law enforcement confidential information," was added earlier today using an account registered yesterday afternoon.

Last year, a U.S. federal agency's Microsoft Internet Information Services web server was hacked by exploiting a critical. According to a joint advisory issued today by CISA, the FBI, and MS-ISAC, the attackers had access to the server between November 2022 and early January 2023 based on indicators of compromise found on the unnamed federal civilian executive branch agency's network.

The US Attorney's Office for the district alleged Sagar Steven Singh and Nicholas Ceraolo had not only blackmailed victims using their personal info by threatening to post it on a public-facing website, but they also made "emergency requests" to social media companies asking for information about users. It might interest readers to know that Twitter, for example, had 11,500 requests for information on 28,000 accounts worldwide from government and law enforcement officials from July to December 2021.

According to the Monetary Authority of Singapore, trade barriers between the US and China have resulted in geoeconomic fragmentation and will likely result in slower global growth and higher inflation. Speaking at the IMAS-Bloomberg Investment Conference on Thursday, MAS managing director Ravi Menon said tensions between the US and China have not only affected the two countries, but global trade patterns and supply chains as well.

Health data and other personal information of members of Congress and staff were stolen during a breach of servers run by DC Health Care Link and are now up for sale on the dark web. Szpindor called the incident "a significant data breach" that exposed the personally identifiable information of thousands of DC Health Link employees and warned the Representatives that their data may have been compromised.

The Environmental Protection Agency is outlining steps public water systems officials need to take to protect drinking water supplies, and mandating cybersecurity assessments in their 'sanitary surveys' of the water systems. Security software maker Tripwire said in a September 2022 report that many of the water systems in the country "are small, serving low-density communities and functioning on limited budgets. The fragmented nature of water utility coverage coupled with low budgets and limited technological expertise means many systems are outdated and under-protected."

The National Cybersecurity Strategy was unveiled today by the Biden-Harris Administration. The Strategy recognizes that government must use all tools of national power in a coordinated manner to protect national security, public safety, and economic prosperity.

The White House has ordered all federal government employees to delete TikTok from work devices, over fears the video-sharing app could be used to spy on Americans. TikTok has been downloaded by billions of people around the world, and is particularly popular among young people - but the US government believes that data could be shared with the Chinese government.

What's more dangerous than Chinese spy balloons? Unsafe software and other technology products, according to America's Cybersecurity and Infrastructure Agency Director Jen Easterly. "Government can work to advance legislation to prevent technology manufacturers from disclaiming liability by contract, establishing higher standards of care for software in specific critical infrastructure entities, and driving the development of a safe harbor framework to shield from liability companies that securely develop and maintain their software products and services," Easterly said.

The US Marshals Service, the enforcement branch of the nation's federal courts, has admitted that a "major" breach of its information security defenses allowed a ransomware infection and exfiltration of "law-enforcement sensitive information". NBC broke news of the incident, which Marshals Service spokesperson Drew Wade described as having impacted a system that "contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees."