Security News
A top US Army War College paper suggests Taiwan should credibly threaten to eradicate, or eradicate, its semiconductor industry if threatened by China so that Beijing would no longer be interested in unification. The US Army War College showed the paper was its most popular of the year, when it revealed it topped a list of the most downloaded papers of 2021 from its quarterly academic journal Parameters.
While this new report outlines authentication requirements for government agencies, they are also excellent guidelines for all fields and user levels. On the strength of passwords, NIST underlines that the requirements of using special characters, for example !$#%&, are obsolete since users still tend to add something that will keep the password memorable.
The AvosLocker ransomware operation provided a free decryptor after learning they encrypted a US government agency. Last month, a US police department was breached by AvosLocker, who encrypted devices and stole data during the attack.
The United States has taken legal action to seize and return over $154 million purportedly stolen from Sony Life Insurance Company Ltd, a SONY subsidiary, by an employee in a textbook business email compromise attack. "According to the government's complaint, Rei Ishii, an employee of Sony Life Insurance Company Ltd. in Tokyo, allegedly diverted the $154 million when the company attempted to transfer funds between its financial accounts," the Justice Dept said today.
The US Attorney's Office of Massachusetts on Monday announced the extradition of Vladislav Klyushin, a Russian business executive with ties to the Kremlin, on charges of hacking US computer networks and committing securities fraud by trading on undisclosed financial data. M-13, according to the US government's complaint, provided IT and media monitoring services, cyber security consulting, and penetration testing, and claimed prominent Russian government officials and agencies as clients.
Suspicions about the integrity of Huawei products among US government officials can be attributed in part to a 2012 incident involving a Huawei software update that compromised the network of a major Australian telecom company with malicious code, according to a report published by Bloomberg. The snooping code reportedly deleted itself, but Australia's intelligence services decided China's intelligence services were responsible, "Having infiltrated the ranks of Huawei technicians who helped maintain the equipment and pushed the update to the telecom's systems."
US Federal Civilian Executive Branch agencies have been ordered to patch the critical and actively exploited Log4Shell security vulnerability in the Apache Log4j library within the next six days. "To be clear, this vulnerability poses a severe risk. We will only minimize potential impacts through collaborative efforts between government and the private sector. We urge all organizations to join us in this essential effort and take action," CISA Director Jen Easterly said at the time.
US Federal Civilian Executive Branch agencies have been ordered to patch the critical and actively exploited Log4Shell security vulnerability in the Apache Log4j library within the next six days. The order comes through an emergency directive issued by the Cybersecurity and Infrastructure Security Agency today.
The RAF has scored its first air-to-air "Kill" - where an aircraft downs an enemy aircraft - for almost 40 years after shooting down a drone over Syria. "The engagement took place on 14 December when the drone activity was detected above the Al Tanf Coalition base in Syria," said the MoD. "RAF Typhoons conducting routine patrols in the area were tasked to investigate."
Microsoft reckons government cyber-spies in China, Iran, North Korea, and Turkey are actively exploiting the Log4j 2.x remote-code execution hole. It's interesting this is coming to light as the US government's Cybersecurity and Infrastructure Security Agency tells all federal civilian agencies to take care of CVE-2021-44228 by December 24, 2021.