Tag: Cybersecurity
Chip war with China heats up
As the Biden administration prepares to impose further limits on China’s access to leading-edge chip technology, news has broken over the weekend that Chinese hackers have been siphoning off some of Europe’s ground-breaking chip technology for years. The infamous Chinese hacker group Chimera, had access to the network of Dutch semiconductor giant NXP, for over two years, from late 2017 to the beginning of 2020. The hackers, believed to be backed by the Chinese Communist Party (CCP), are understood to have consistently stolen intellectual property, including, crucially, the company’s cutting-edge chip designs. According to sources close to the situation, the full extent of the threat has still to be disclosed.
UK and US Develop Global AI Security Guidelines – November 27th
The UK's National Cyber Security Center (NCSC), in partnership with the US's Cybersecurity and Infrastructure Security Agency (CISA) launched the 'Guidelines for Secure AI System Development'. The guidelines are set to secure AI system development, to help developers make informed cybersecurity decisions at every step of the AI development process. These AI guidelines were also co-signed in cooperation with 21 other international agencies and ministries from across the world.
The EU’s Proposed Cybersecurity Certification Scheme – November 24th
The European Union's Cybersecurity Agency (ENISA) is studying the possibility of broadening the proposed cybersecurity labeling rules that may affect big tech operating in Europe. The proposed EU certification scheme (EUCS) vouches for further cybersecurity measures of cloud services, ensuring companies in the bloc select an EU-based certified cybersecurity vendor for their business.
US Congress tries to block new cyber rulings
New cybersecurity rulings due to come into full force less than a month from today are being blocked in the US Congress and the House of Representatives. The new rulings include the mandatory reporting of any ‘material’ cyber-attack within four working days and were drawn up by the Securities and Exchange Commission (SEC). But, according to a statement issued by Congressman Andrew Barbarino, Chairman of Homeland Security’s Cybersecurity and Infrastructure Protection Subcommittee, and Senator Thom Tillis: “This cybersecurity disclosure rule is a complete overreach on the part of the SEC … also increasing cybersecurity risk without a congressional mandate and in direct contradiction to public law that is intended to secure the homeland.”
MedTech Company Hit by Cyber Attack – November 21st
LivaNova reported a cyber attack to the SEC, resulting in disruption of the company’s operations. The MedTech company is now in the process of executing its incident response plan and placed some of its systems offline to minimize the damages of the attack.
Cybersecurity Executive Admits to Hospital Hacking for Business Gain – November 20th
In a startling revelation, Vikas Singla, the former COO of cybersecurity firm Securolytics, confessed to hacking two Georgia hospitals in June 2021 to enhance the company’s profile. Singla disrupted services at Gwinnett Medical Center hospitals, stealing patient data and publicizing the breach on Twitter. Facing 17 counts of computer damage and one count of information theft, Vikas Singla agreed to pay over $817,000 in restitution. Due to health issues, prosecutors recommended 57 months of probation, raising concerns about cyber threats jeopardizing public safety and healthcare data.
Samsung Customers in the UK Exposed by Data Breach – November 17th
Samsung notified its customers in the UK that a recent data breach potentially exposed customer data, stemming from a third-party business application vulnerability. Samsung UK further stated that the data affected only covers customers that purchased Samsung items in the UK online store, and ensured customers that the breach does not include passwords or financial data.
ALPHV/BlackCat Reports MeridianLink for Undisclosed Cyber Attack – November 16th
Ransomware gang, ALPHV/BlackCat has reported MeridianLink to the SEC, for not disclosing cyber attack. ALPHV/BlackCat informed the SEC that MeridianLink did not disclose details of the attack, which could potentially affect the data of the publicly traded company's thousands of financial organizations, banks, credit unions, and mortgage lenders. The lack of cyber compliance from MeridianLink breaks the SEC’s rule of disclosing cyber attacks within 4 days of the attack occurring to the agency.
97% of Consumers Predict More Cyberattacks – November 15th
ThreatX revealed in their latest research that 97% of consumers expect more cyberattacks this coming year. The ThreatX research also indicates that 69% of consumers predict these cyberattacks to become more complex, while only 13% believe they will be protected from cyberattacks.
EU and Ukraine Partner to Boost Cybersecurity – November 14th
The European Union Agency for Cybersecurity (ENISA) signed a Working Agreement with Ukraine’s Administration of the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) to boost cybersecurity efforts. The Working Agreement signed by ENISA and SSSCIP will focus on the EU supporting Ukraine in its efforts to protect itself from geopolitically-fueled cyber attacks from Russian threat actors through improving critical infrastructure, cybersecurity skills, and capacity building.
CISA Signs Cybersecurity MoU with the Republic of Korea – November 10th
The Cybersecurity and Infrastructure Security Agency (CISA) announced a signed Memorandum of Understanding (MoU) with the Republic of Korea's National Intelligence Service (NIS) to establish collaboration efforts under the bilateral Cyber Framework between the US and the Republic of Korea signed in April. The framework between the Republic of Korea and the US includes sharing technical and operational cyber threat information and best practices in cyber crisis management.
FBI targets casino cybercrime
The attacks first identified by the FBI frequently targeted small and tribal casinos, encrypting servers and the personally identifying information (PII) of employees and patrons. As of June 2023, the FBI also reports that the Silent Ransom Group (SRG), also called Luna Moth, conducted callback phishing data theft and extortion attacks by sending victims a phone number in a phishing attempt, usually relating to pending charges on the victim’s account. When the victims called the provided phone number, cybercriminals directed them to a legitimate system management tool via a link provided in a follow-up email.