David
GE Military Project Hack Sparks National Security Concerns – November 30th
General Electric (GE) recognized the data theft from threat actor IntelBroker pertaining to a project involving the Defence Advanced Research Projects Agency, sparking national security concerns. The GE Spokesperson commented on the data theft, saying they are thoroughly investigating the claims, will work on further protecting the integrity of their security systems, and that business operations will not be affected.
US Consumers Receive 2B Spam Calls Monthly – November 29th
According to Truecaller, US consumers were faced with two billion spam calls per month. Truecaller's Monthly US Spam and Scam Report also unveiled that around 195 million hours were wasted by answering these scam calls. The goal of these scam calls is to carry out credit card fraud, identity theft, and sensitive data collection.
Pittsburgh-area Water Authority Hit by Cyber Attack – November 28th
The Municipal Water Authority of Aliquippa reported a cyberattack that shut down their water pressure technology, to the U.S. Department of Homeland Security this past weekend. According to the U.S. Department of Homeland Security, the unassuming cyberattack may come with serious international implications, with the attack suspected to come from an anti-Israeli Iranian threat actor group labeled as "Cyber Av3ngers". This nation-state cyberattack is not the first to disrupt critical water infrastructure.
UK and US Develop Global AI Security Guidelines – November 27th
The UK's National Cyber Security Center (NCSC), in partnership with the US's Cybersecurity and Infrastructure Security Agency (CISA) launched the 'Guidelines for Secure AI System Development'. The guidelines are set to secure AI system development, to help developers make informed cybersecurity decisions at every step of the AI development process. These AI guidelines were also co-signed in cooperation with 21 other international agencies and ministries from across the world.
The EU’s Proposed Cybersecurity Certification Scheme – November 24th
The European Union's Cybersecurity Agency (ENISA) is studying the possibility of broadening the proposed cybersecurity labeling rules that may affect big tech operating in Europe. The proposed EU certification scheme (EUCS) vouches for further cybersecurity measures of cloud services, ensuring companies in the bloc select an EU-based certified cybersecurity vendor for their business.
167% Rise in Malicious Bot Attacks Reported – November 23rd
Arkose Labs reported a 167% rise in malicious bot attacks for the first half of 2023. The Arkose Labs report focused on bots also stated that 73% of all website and app traffic measured comprised of malicious bots in order to initiate attack types such as SMS toll fraud, web scraping, card testing, and credential stuffing.
EU Cybersecurity Drill Tests Readiness for 2024 Elections – November 22nd
In preparation for the 2024 elections, the European Parliament's services, the European Commission, and the EU Agency for Cybersecurity conducted a cybersecurity exercise. The drill, held in the European Parliament, involved national and EU partners testing crisis plans and responses to potential cybersecurity incidents. Representatives from electoral and cybersecurity authorities participated, aiming to enhance their capacity to address cybersecurity issues and update protocols for securing election technology. The exercise addressed risks such as information manipulation and cyber-attacks, crucial for safeguarding the integrity of the upcoming European Parliament election scheduled for June 6-9, 2024.
MedTech Company Hit by Cyber Attack – November 21st
LivaNova reported a cyber attack to the SEC, resulting in disruption of the company’s operations. The MedTech company is now in the process of executing its incident response plan and placed some of its systems offline to minimize the damages of the attack.
Cybersecurity Executive Admits to Hospital Hacking for Business Gain – November 20th
In a startling revelation, Vikas Singla, the former COO of cybersecurity firm Securolytics, confessed to hacking two Georgia hospitals in June 2021 to enhance the company’s profile. Singla disrupted services at Gwinnett Medical Center hospitals, stealing patient data and publicizing the breach on Twitter. Facing 17 counts of computer damage and one count of information theft, Vikas Singla agreed to pay over $817,000 in restitution. Due to health issues, prosecutors recommended 57 months of probation, raising concerns about cyber threats jeopardizing public safety and healthcare data.
Samsung Customers in the UK Exposed by Data Breach – November 17th
Samsung notified its customers in the UK that a recent data breach potentially exposed customer data, stemming from a third-party business application vulnerability. Samsung UK further stated that the data affected only covers customers that purchased Samsung items in the UK online store, and ensured customers that the breach does not include passwords or financial data.
ALPHV/BlackCat Reports MeridianLink for Undisclosed Cyber Attack – November 16th
Ransomware gang, ALPHV/BlackCat has reported MeridianLink to the SEC, for not disclosing cyber attack. ALPHV/BlackCat informed the SEC that MeridianLink did not disclose details of the attack, which could potentially affect the data of the publicly traded company's thousands of financial organizations, banks, credit unions, and mortgage lenders. The lack of cyber compliance from MeridianLink breaks the SEC’s rule of disclosing cyber attacks within 4 days of the attack occurring to the agency.
97% of Consumers Predict More Cyberattacks – November 15th
ThreatX revealed in their latest research that 97% of consumers expect more cyberattacks this coming year. The ThreatX research also indicates that 69% of consumers predict these cyberattacks to become more complex, while only 13% believe they will be protected from cyberattacks.
EU and Ukraine Partner to Boost Cybersecurity – November 14th
The European Union Agency for Cybersecurity (ENISA) signed a Working Agreement with Ukraine’s Administration of the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) to boost cybersecurity efforts. The Working Agreement signed by ENISA and SSSCIP will focus on the EU supporting Ukraine in its efforts to protect itself from geopolitically-fueled cyber attacks from Russian threat actors through improving critical infrastructure, cybersecurity skills, and capacity building.
Cybersecurity Market To Reach $478B by 2030 – November 13th
Despite recent talk of a tech slowdown that reaches cyber, Allied Market Research reported that the market is poised to grow to $478.68B by 2030, with a 9.5% annual growth rate. The data predicting the cybersecurity market's growth was taken from Allied Market Research's “Cyber Security Market by Component, Solution, Deployment Model, Enterprise Size, and Industry Vertical: Global Opportunity Analysis and Industry Forecast, 2021–2030”.
CISA Signs Cybersecurity MoU with the Republic of Korea – November 10th
The Cybersecurity and Infrastructure Security Agency (CISA) announced a signed Memorandum of Understanding (MoU) with the Republic of Korea's National Intelligence Service (NIS) to establish collaboration efforts under the bilateral Cyber Framework between the US and the Republic of Korea signed in April. The framework between the Republic of Korea and the US includes sharing technical and operational cyber threat information and best practices in cyber crisis management.