CyberScoop

Missed #CyberTalks? Access it anytime, anywhere! Dive into critical dialogues at the convergence of government and technology. The rapid rise in cyber threats, propelled by technological advancements like AI and the expanding capabilities of both nation-state and criminal hackers, demands robust defensive measures. Gain invaluable insights from leaders in the public and private sectors on strengthening our digital defenses and enhancing national and global security. 📅 Explore the full sessions from CyberTalks 2024, now available on-demand. Equip yourself with a wealth of expert knowledge and actionable strategies to enhance your organization’s security posture and contribute to worldwide stability. Watch now: https://lnkd.in/eUjhwKCv Harry Coker | Clare Martorana | Michael Duffy | Morgan Adamski | Iranga Kahangama | Anne Marie Schumann | Lt. Col. Andrew Wonpat | Cynthia Kaiser | Laura Galante | Nick P. | Cherilyn Pascoe | Jennifer Franks | Terry Kalka | Shelly Hartsook | Ami Luttwak | Erin Joe | Christine Halvorsen | Eric Trexler | Dr. Matthew McFadden | Marcos Rogers | Trevor Brenn | Wole Moses | Lamont Copeland | Gregory L. Otto | Billy Mitchell | Wyatt Kash | Goldy Kamali | Wiz | Google for Government - Google Cloud | Okta | Cisco | General Dynamics Information Technology | Palo Alto Networks | Varonis | Verizon Business

Serbian police and intelligence authorities have combined phone-cracking technology with spyware to eavesdrop on activists and journalists there, Amnesty International revealed in a report Monday, in what the human rights group says could be a disturbing preview of a future era of digital surveillance. https://lnkd.in/ekGwsUcN

Minnesota-based Arctic Wolf, a cybersecurity operations firm, announced an agreement Monday to acquire BlackBerry’s Cylance business for $160 million, a stark drop from the $1.4 billion BlackBerry initially paid to acquire the startup in 2018. Arctic Wolf is integrating Cylance’s AI-powered endpoint security technology into its platform to broaden its security solutions. With this acquisition, Arctic Wolf plans to bolster its presence in the competitive cybersecurity market, leveraging Cylance’s technology. It marks Arctic Wolf’s sixth acquisition to date, enhancing its portfolio with previous acquisitions such as RootSecure and Tetra Defense. https://lnkd.in/ewc_RpCn

Cybersecurity researchers at a China-based cybersecurity company have uncovered an advanced PHP backdoor that suggests a new asset in the arsenal of Chinese-linked Advanced Persistent Threat group Winnti. Researchers at QiAnXin’s XLab discovered the backdoor, which they titled Glutton, targeting China, the United States, Cambodia, Pakistan, and South Africa. After initially discovering the malware in April of this year, the company believes Glutton has been “undetected in the cybersecurity landscape for over a year.” https://lnkd.in/dhtew9H6

The Cybersecurity and Infrastructure Security Agency on Monday opened a month-long public comment period for its updated draft plan detailing how the public and private sectors should respond to significant cyber incidents. The revamped National Cyber Incident Response Plan — an effort from CISA, the agency’s Joint Cyber Defense Collaborative and the Office of the National Cyber Director — builds on 2016’s Presidential Policy Directive-41, a pre-CISA document that provided a framework for how the federal government, private sector, international partners and state, local, tribal and territorial (SLTT) governments collectively respond to cyber incidents. https://lnkd.in/drWSPCgR

The CNCERT said it had “handled’ two attacks on Chinese tech companies, which it attributed to an unnamed suspected U.S. intelligence agency. https://lnkd.in/d9ydSrct

Two U.S. cyber agencies released guidance Tuesday on how federal grant managers should incorporate cybersecurity in their programs for critical infrastructure projects, as well as how potential recipients can take it into account. The Office of the National Cyber Director and the Cybersecurity and Infrastructure Security Agency publication — the “Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure” — recommends how agencies should weave cybersecurity into grant-making from the outset and gives them model technical language to use. The playbook also advises potential recipients on how to develop assessment and risk plans. https://lnkd.in/dM3uRvhz

Federal civilian agencies have a new list of cyber-related requirements to address after the Cybersecurity and Infrastructure Security Agency on Tuesday issued guidance regarding the implementation of secure practices for cloud services. CISA’s Binding Operational Directive (BOD) 25-01 instructs agencies to identify all of its cloud instances and implement assessment tools, while also making sure that their cloud environments are aligned with the cyber agency’s Secure Cloud Business Applications (SCuBA) configuration baselines. CISA Director Jen Easterly said in a statement that the actions laid out in the directive are “an important step” toward reducing risk across the federal civilian enterprise, though threats loom in “every sector.” https://lnkd.in/dBeFrCFz

In what we can assure you is a new cybersecurity incident despite sounding incredibly similar to incidents of past notoriety: threat actors tied to a notorious ransomware and extortion group have exploited file-transfer software to carry out attacks. Clop has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT company that sells various types of enterprise software. The vulnerabilities, which affected Cleo’s LexiCom, VLTrader, and Harmony products, have led to worries that sensitive data across various industries could be swiped by the group in a repeat of some of the most damaging security incidents of the past few years. https://lnkd.in/eG5TkeiU

Russia banned the cybersecurity company Recorded Future on Wednesday, labeling it an “undesirable” organization — much to its CEO’s delight. The company stands accused of collaborating with the Central Intelligence Agency, Ukraine and other countries. “They provide information and technical support for the propaganda campaign launched by the West against Russia,” Russia’s Office of Prosecutor General said in a notice translated by Google. “The organization participates in collecting and analyzing data on the actions of the Russian Armed Forces.” https://lnkd.in/euabK3Ba