House approves massive infrastructure plan that includes $1.9 billion for cybersecurity
therecord.media/house-approves-massive-infrastructure-plan-that-includes-1-9-billion-for-cybersecurity/ The U.S. House of Representatives on Friday approved $1.2 trillion infrastructure bill that will investment nearly $2 billion in cybersecurity efforts throughout the federal government. The measure incorporates the Cyber Response and Recovery Act, which authorizes $100 million over five years to support federal response to cyber incidents. It also allows the Homeland Security Secretary, working with the National Cyber Director, to declare a significant cyber incident. CISA would coordinate the response to the event and tap the emergency fund to help both private companies, and the government, recover from cyberattacks.
Hackers Apologize to Arab Royal Families for Leaking Their Data
www.vice.com/en/article/n7nw8m/conti-ransomware-hackers-apologize-to-arab-royal-families-for-leaking-their-data In October, the infamous ransomware gang known as Conti released thousands of files stolen from the UK jewelry store Graff. Among the data Conti leaked, there were sensitive files belonging to celebrities like David Beckham, Oprah Winfrey, and Donald Trump, according to The Daily Mail. There was also, according to the hackers themselves, information belonging to the UAE, Qatar, and Saudi royal families. “We found that our sample data was not properly reviewed before being uploaded to the blog, ” the hackers wrote in an announcement published on Thursday. “Conti guarantees that any information pertaining to members of Saudi Arabia, UAE, and Qatar families will be deleted without any exposure and review.”. “Our Team apologizes to His Royal Highness Prince Mohammed bin Salman and any other members of the Royal Families whose names were mentioned in the publication for any inconvenience, ” the hackers added.
Ransomware Attack on Lab in Florida
www.infosecurity-magazine.com/news/ransomware-attack-on-florida-lab/ A ransomware attack on a laboratory based in Florida has exposed the personal health information (PHI) of more than 30, 000 patients.
Microsoft Warns Of Moving Target’ Password AttacksHere’s How To Stop Them
www.forbes.com/sites/daveywinder/2021/11/07/microsoft-confirms-rising-tide-of-moving-target-password-attacks-heres-how-to-stop-them/ While password spraying isn’t a technique that’s off the consumer radar, it’s an attack vector that DART has seen being ramped up in attacks targeting Microsoft’s business users recently.. What Microsoft explains is who these targets, based on the DART findings, are likely to be. The answer is admins. They could be Exchange or SharePoint admins, a security or helpdesk admin, maybe a user or company admin. The common denominator is the administrator part: Microsoft says it has specifically seen an increase in the number of cloud admin accounts being targeted in this way.
Kova väite: joka kolmas datakeskus heitteillä Suomessa [TILAAJILLE]
www.tivi.fi/uutiset/kova-vaite-joka-kolmas-datakeskus-heitteilla-suomessa/30bdd3b7-933a-4f89-bd34-8dc1f1ccaf39 Monissa datakeskuksissa ei nykyisin tehdä tarkempia selvityksiä laitteiden kunnosta, kunhan mikään varoitusvalo ei pala. Näin väittää Rittal, joka tarjoaa itse myös huoltopalveluita.
Operation Cyclone deals blow to Clop ransomware operation
www.bleepingcomputer.com/news/security/operation-cyclone-deals-blow-to-clop-ransomware-operation/ A thirty-month international law enforcement operation codenamed ‘Operation Cyclone’ targeted the Clop ransomware gang, leading to the previously reported arrests of six members in Ukraine. This Friday, new information came to light regarding how the operation was conducted and the law enforcement agencies involved. The transcontinental operation named ‘Operation Cyclone’ was coordinated from INTERPOL’s Cyber Fusion Centre in Singapore, with assistance from Ukrainian and US law enforcement authorities. The operation was also assisted by private partners, including Trend Micro, CDI, Kaspersky Lab, Palo Alto Networks, Fortinet, and Group-IB.
SolarWinds Investors Allege Board Knew About Cybersecurity Risks Ahead of Massive Breach
gadgets.ndtv.com/internet/news/solarwinds-hack-cyberattack-board-knew-security-risks-investors-allege-2600864 SolarWinds investors have sued the software company’s directors, alleging they knew about and failed to monitor cybersecurity risks to the company ahead of a breach that created a vulnerability in thousands of its customers’ systems.