Security News

US President Joe Biden today issued a national security memorandum designed to help strengthen the security of critical infrastructure by setting baseline performance goals for critical infrastructure owners and operators. It directs the Department of Homeland Security's CISA and the Department of Commerce's NIST, in collaboration with other federal agencies, to develop cybersecurity performance goals and guidance for critical infrastructure orgs.

The Biden administration is taking steps to harden cybersecurity defenses for critical infrastructure, announcing on Wednesday the development of performance goals and a voluntary public-private partnership to protect core sectors. The actions, outlined in an order from President Joe Biden, are an acknowledgment of the cybersecurity vulnerabilities of critical industries - a reality made clear by the May hack of the nation's largest pipeline, which delivers about 45% of the fuel consumed on the East Coast.

The U.S. government and its allies are pleading with defenders to pay attention to gaping holes in perimeter-type devices, warning that advanced threat actors are feasting on known security defects in VPN appliances, network product gateways and enterprise cloud applications. In a joint advisory published Wednesday, cybersecurity response agencies from the U.S., the U.K., and Australia called special attention to flaws in network perimeter tech from Citrix, Fortinet, Pulse, F5 Networks and MobileIron.

The British government wants to make Amazon, Google, and other digital service providers report cybersecurity breaches to the Information Commissioner, according to newly published plans. Due to Brexit, the government can amend the UK's Network and Information Security Regulations to let the Information Commissioner's Office, the local data watchdog, dictate what kind of cybersecurity breaches must be reported to it.

In contrast, the Twitter hack we're referring to ultimately led to the takeover of just 45 accounts. The suspects were alleged to have previous form in hacking and trading in so-called OG accounts, where OG is short for original gangster.

A British man has been charged in the United States in connection with a Twitter hack last summer that compromised the accounts of prominent politicians, celebrities and technology moguls, the Justice Department said Wednesday. Joseph O'Connor, 22, was arrested in the coastal resort town of Estepona, Spain, on an arrest warrant accusing him of involvement in a July 2020 hack of more than 130 accounts, and of hacks that prosecutors said took over TikTok and Snapchat accounts, including "One of the most viewed and followed" TikTok stars.

Three US senators have written to their nation's Olympic Committee with a request that it "Forbid American athletes from receiving or using Digital Yuan during the Beijing Olympics" - a reference to the Winter Games scheduled to commence on February 4th, 2022. "While the Chinese Communist Party insists their efforts are aimed at digitizing bank notes and coins, Olympic athletes should be aware that the Digital Yuan may be used to surveil Chinese citizens and those visiting China on an unprecedented scale," wrote [PDF] Senators Marsha Blackburn, Roger Wicker and Cynthia Lummis.

The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People's Republic of China's Ministry of State Security. "In a statement issued by the White House on Monday, the administration said,"with a high degree of confidence that malicious cyber actors affiliated with PRC's MSS conducted cyber-espionage operations utilizing the zero-day vulnerabilities in Microsoft Exchange Server disclosed in early March 2021.

Chinese state-sponsored attackers have breached 13 US oil and natural gas pipeline companies between December 2011 to 2013 following a spear-phishing campaign targeting their employees. The end goal of the attacks was to help China develop cyberattack capabilities that would allow future intrusions to physically damage targeted pipelines or disrupt US pipeline operations.

Former journalist Matthew Keys, who served two years in prison for posting his Tribune Company content management system credentials online a decade ago in violation of America's Computer Fraud and Abuse Act, has been ordered back to prison for violating the terms of his supervised release. On Monday, Keys, 34, a resident of Vacaville, California, received an additional six-month sentence and 18 months of supervision with computer monitoring requirements, according to the US Attorney's Office of the Eastern District of California.