Security News

Sophos Security SOS Week is back by popular demand, from 26-29 September 2022! Four top security experts are once again stepping up to share their expertise in a series of daily 30-minute interviews.

The US government will award $1 billion in grants to help state, local, and territorial governments address cybersecurity risks, strengthen the cybersecurity of their critical infrastructure, and ensure cyber resilience against persistent cyber threats. SLT governments face many challenges when it comes to defending against cyber threats, but one of the main ones is the lack of resources.

Cryptocurrency market maker Wintermute says $160 million in digital assets have been stolen from it in a cyber-heist, though it assures customers that everything's fine. CEO Evgeny Gaevoy admitted on Twitter that Wintermute was suffering from an "Ongoing hack" affecting its decentralized finance operations, while its centralized finance and over-the-counter trading operations were unaffected.

The Washington Post is reporting that the US Customs and Border Protection agency is seizing and copying cell phone, tablet, and computer data from "As many as" 10,000 phones per year, including an unspecified number of American citizens. This is done without a warrant, because "Courts have long granted an exception to border authorities, allowing them to search people's devices without a warrant or suspicion of a crime."

The Biden-nominated chief of space operations for the USA's Space Force rates China his greatest challenge, as the Middle Kingdom has developed technologies to destroy space assets. "The most immediate threat, in my opinion, is the pace with which our strategic challengers - first and foremost the Chinese - are aggressively pursuing capabilities that can disrupt, degrade and ultimately even destroy our satellite capabilities and disrupt our ground infrastructure," Space Force Lieutenant General B. Chance Saltzman said during a nomination hearing before the Senate Armed Services Committee earlier this week.

The Office of Management and Budget has issued a memo requiring US federal government agencies to use software that has been built according to secure software development practices and whose developers follow practices for software supply chain security, as specified by the National Institute of Standards and Technology. "Agencies are required to obtain a self-attestation from the software producer before using the software," the memo says, and "If the software producer cannot attest to one or more practices from the NIST Guidance identified in the standard self-attestation form, the requesting agency shall require the software producer to identify those practices to which they cannot attest, document practices they have in place to mitigate those risks, and require a Plan of Action & Milestones to be developed."

The Treasury Department's Office of Foreign Assets Control announced sanctions today against ten individuals and two entities affiliated with Iran's Islamic Revolutionary Guard Corps for their involvement in ransomware attacks. Throughout the last two years, these threat actors have been linked to ransomware incidents where they compromised networks belonging to organizations in the United States and worldwide.

The U.S. Treasury Department announced sanctions today against Iran's Ministry of Intelligence and Security and its Minister of Intelligence for their role in the July cyberattack against the government of Albania, a U.S. ally and a NATO member state. MOIS is the Iranian government's leading intelligence agency, tasked with coordinating intelligence and counterintelligence efforts, as well as covert actions supporting the Islamic regime's goals beyond the country's borders.

The US Commerce Department's Bureau of Industry and Security has relaxed restrictions that barred export of some encryption technologies to Huawei, in the name of ensuring the United States is in a better position to negotiate global standards. A Thursday announcement [PDF] explains the decision was taken because American businesses have told the Biden administration they're confused about whether they need to seek a license before bringing some tech to standards talks.

Mandiant is "Highly confident" that foreign cyberspies will target US election infrastructure, organizations, and individuals in the run-up to the November midterm elections. "We have tracked activity from groups associated with Russia, China, Iran, North Korea, and other nations targeting organizations and individuals related to elections in the US and/or other nations with apparent goals ranging from information collection and establishing footholds or stealing data for later activity to one known case of a destructive attack against critical election infrastructure," the Mandiant team said in research published today.