Cyber News Around the world

In the fast paced landscape of cyber research, we are happy to serve as a vital hub for the swift and informed dissemination of news within the cyber community.  By cultivating a collaborative environment and promoting the transparent sharing of news, we aim to empower our community to stay ahead of cyber adversaries and contribute to the ongoing development of resilient cyber solutions. 

 

March 2024:

 

Forbes: Practical cybersecurity recommendations to align your operational technology (OT) cybersecurity strategy to the Joint Cyber Defense Collaborative (JCDC) priorities that will improve your cybersecurity resiliency.

Read more: Put New Joint Cyber Defense Collaborative Priorities Into Action

Federal Cybersecurity and Infrastructure Security Agency (CISA): which had previously issued warnings about hackers exploiting zero-day vulnerabilities in certain Ivanti products, now says that it has had its own systems compromised.

Read more: Federal Cyber Agency Offlines 2 Systems After Ivanti Hack

National Law Review: Since the dawn of digitalization, the collection and retention of personal and other business confidential data by employers has implicated security and privacy challenges—by amassing a treasure trove of data for bad actors (or unwitting/unauthorized employees) and drawing a roadmap for those seeking to breach the system. Adding artificial intelligence (AI) into the mix creates further areas of concern.

Read more: More Critical Than Ever: Cyber Risk "Tabletop Exercises" in the AI Infused Workplace

Nissan hack in Australia and New Zealand, customers have been the victims of a malicious cyberattack, compromising the personal information of over 10,000 individuals.

Read more: 10K+ Users Data Stolen by Hackers

Lloyds Publishes Report: Major leaps in the effectiveness of Generative AI (GenAI) and Large Language Models (LLMs) have dominated the discussion around artificial intelligence over the past 18 months. Given its growing availability and sophistication, the technology will inevitably reshape the cyber risk landscape.

Read more: Generative AI: Transforming the cyber landscape

Microsoft and OpenAI: Found and shutdown suscipious accounts belonging to five state-affiliated malicious actors using AI tools, including ChatGPT, to carry out cyberattacks.

Read more: Cyber attackers are using AI to get better, Microsoft executive says

Asia Times: US now features cybersecurity in annual Cobra Gold joint exercises while Huawei is working hand-in-hand with Thai authorities to thwart cyber threats.

Read more:  US, China wrestling for Thailand’s cyber soul

Microsoft: corporate email systems were attacked by Midnight Blizzard, a Russian state-sponsored actor.

Read more: Microsoft says Russian hackers are trying to get into its source code

Calcalist: the pace at which AI is evolving presents challenges and opportunities in the realm of cybersecurity as well. For instance, cybercriminals can exploit advanced AI tools to craft malware and sophisticated cyberattacks that can cause significant damage to organizations and critical infrastructure.

Read more: Hackers can use ChatGPT too: How GenAI became a powerful cyber-weapon

 

February 2024:

 

Check Point Research: 2024's Cyber Battelground Unveiled - Escalating Ransomware Epidemic, the Eveloution of Cyber Warfare Tactics and Strategic use of AI in Defense

Read more: Check Point's Latest Security Report

Microsoft: Since Hamas attacked Israel in October 2023, Iranian government-aligned actors have launched a series of cyberattacks and influence operations (IO) intended to help the Hamas cause and weaken Israel and its political allies and business partners.

Read more: Iran accelerates cyber ops against Israel from chaotic start

BBC on Ransomware Attacks in the UK.

Read more: Why some cyber-attacks hit harder than others

Forbes:  Cybersecurity attack at Change Healthcare, a subsidiary of UnitedHealth Group, has caused prescription delays and disruptions at a number of pharmacies across the U.S. and is ongoing.

Read more: Change Healthcare Cyberattack Disrupts Services Nationwide—Here’s What To Know

 

January 2024:

 

World Economic Forum Report

Read more: Global Cybersecurity Outlook 2024

Microsoft: security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access.

Read more: Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

 

December 2023:

 

The Washington Post reviews the year's cybersecurity trends. 

Read more: The year in cyber

The World Economic Forums shares the major stories that defined cybersecurity in 2023.

Read more: 6 stories that defined cybersecurity in 2023

The Wall Street Journal's review of regulation and cybercrime in 2023.

Read more: Regulators Got Tough on Cyber in 2023 as Crime Soared

Computer Security Online (CSO) projects the next few years will see AI tip the scales  between threat actors and security teams protecting the enterprise. Collaboration with government is key to the tech industry coming out ahead.

Read more: Surviving the cyber arms race in the age of generative AI

As the SEC's expanded cybersecurity rules come into effect, drastic changes in regulatory compliance ensue.

Read more: A quiet cybersecurity revolution is touching every corner of the economy as U.S., allies ‘pull all the levers’ to face new threats

Reuters reports that Britain's National Grid has removed components supplied by China-backed Nari Technology over cyber security fears.

Read more: Britain's National Grid drops China-based supplier over cyber security fears - FT

The American National Security Agency (NSA), along with the FBI, warn that Russian Foreign Intelligence Service (SVR)  cyber actors are exploiting a publicly known vulnerability to compromise victims globally, including in the United States and in allied countries.

Read more: Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact

Services restored following a cybersecurity breech at the Long Beach Public Library, which took the majority of its official website’s connections, networks and systems offline.

Read more: Long Beach Public Library’s digital offerings brought back online after cyber attack

Museums, galleries and archives have been urged to tighten their cyber security following the massive ransomware attack on the British Library, a major hack by the criminal group Rhysida that has left it severely incapacitated.

Read more: Museums on alert following British Library cyber attack

Calcalist reports joint investigation revealed that the Iranian Ministry of Intelligence’s Agrius and Hezbollah’s Lebanese Cedar were behind the cyber attack on Ziv Medical Center in Israel, in which 300,000 patient records were stolen.

Read more: Iran and Hezbollah were behind cyberattack on Israeli hospital, says National Cyber Directorate

Draft regulation establishes EU capabilities to make Europe more resilient and reactive in front of cyber threats, while strengthening cooperation mechanisms.

Read more: Cyber solidarity act: member states agree common position to strengthen cyber security capacities in the EU

A recent cyber attack on Ukraine’s largest telecommunications provider, Kyivstar, caused temporary chaos among subscribers and thrust the cyber front of Russia’s ongoing invasion back into the spotlight.

Read more: Ukrainian telecoms hack highlights cyber dangers of Russia’s invasion

The European Research Council (ERC) warns researchers to maintain academic integrity if they use artificial intelligence (AI) tools to write research proposals.

Read more: European Research Council issues warning on AI’s use in grant applications

Time reports that 70% of Iran’s petrol stations have seen their services disrupted  after a massive cyber attack was carried out by the hacker group Gonjeshke Darande, which also claimed responsibility for attacks against Iranian petrol stations, rail networks and steel factories, according to Iranian state media.

Read more: What to Know About the Hacker Group That Shut Down 70% of Iran’s Gas Stations

The Washington Post reports the Chinese military is ramping up its ability to disrupt key American infrastructure, including power and water utilities as well as communications and transportation systems, according to U.S. officials and industry security officials.

Read more: China’s cyber army is invading critical U.S. services

BBC News reports the UK is accusing Russia's Security Service, the FSB, of a sustained cyber-hacking campaign, targeting politicians and others in public life.

Read more: Russia hacking: 'FSB in years-long cyber attacks on UK', says government

 

November 2023:

 

The EU Council presidency and European Parliament's negotioators have reached a provisional agreement on the proposed legislation regarding cybersecurity requirements for products with digital elements, which aims to ensure that products such as connected home cameras, fridges, TVs and toys are safe before they are placed on the market (cyber resilience act).  

Read more: Cyber resilience act: Council and Parliament strike a deal on security requirements for digital products

Calcalist reports that the Israeli Knesset (parliament) approved full access to the biometric database to the Israel Defense Forces (IDF), the Shin Bet and the Mossad and seeks to grant them access to private security cameras.

Read more: Israel’s security bodies receive direct access to biometric databases and cameras

 

October 2023:

 

Reuters indicates that both public and private companies need to make sure they are complying with pertinent parts of new regulations  as the SEC readies its new rules on cybersecurity and disclosure of breaches.

Read more: Companies should prepare to comply with new SEC cybersecurity rules

 

September 2023: 

 

BBC News reports Ukraine cyber-operators are being deployed on the front lines of the war, duelling close-up with their Russian counterparts in a new kind of high-tech battle.

Read more: Ukraine war: Cyber-teams fight a high-tech war on front lines

Reuters Legal News and Westlaw Today provide an attorney analysis on cybersecurity law, compliance and protection and government imposed civil obligations on organizations.

Read more: Cybersecurity law, compliance and protection

 

August 2023:

 

Computer Security Online (CSO) says the US Securities and Exchange Commission’s aggressive new rules mark a profound regulatory shift in how businesses are now required to manage their cybersecurity risks.

Read more: Balancing risk and compliance: implications of the SEC’s new cybersecurity regulations

The International Association for Privacy Professionals (IAPP), the world's larget global information privacy community, on the California Privacy Protection Agency issued draft regarding risk assessments and cybersecurity audits. The regulations, if adopted, would have the indirect effect of imposing significant cybersecurity requirements on companies collecting or otherwise processing personal data.

Read more: California privacy agency lays out vision for cybersecurity regulation

 

July 2023: 

 

The Federal Register, the Daily Journal of the United States Government, published a proposed rule by the Federal Trade Commission (FTC).

Read more: Children's Online Privacy Protection Rule Proposed Parental Consent Method; Application of the ESRB Group for Approval of Parental Consent Method

 

June 2023: 

 

The Washington Post reports that SEC rules changes are the latest battleground over government cybersecurity mandates.

Read more: Proposed SEC Cyber Regulations Draw Mixed Reviews

 

May 2023:

The European Council approved conclusions on cyber defence, stressing the need for the EU and its member states to further strengthen their resilience to cyber threats and enhance its common cyber security and cyber defence against malicious behaviour and acts of aggression in cyberspace.

Read more: Cyber defence: Council conclusions stress the importance of further strengthening the EU’s resilience to cyber threats

 

April 2023:

 

The EU Cyber Solidarity Act includes a series of actions to strengthen solidarity and enhance coordinated EU detection and situational awareness, while at the same time supporting Member States' preparedness and response capabilities to significant or large-scale cybersecurity incidents.

Read more: Questions and Answers: Cyber: towards stronger EU capabilities for effective operational cooperation, solidarity and resilience