Aliens, Spy Balloons, or Drones? SUV-Sized Mystery Objects Spotted in U.S. Skies
Article Link: https://www.theregister.com/2024/12/12/mystery_objects_us/
- Since mid-November 2024, residents across New Jersey, New York, and Pennsylvania have reported sightings of large, mysterious flying objects, some described as SUV-sized drones with unusual lights.
- These sightings have sparked widespread speculation, with theories ranging from foreign surveillance operations to extraterrestrial activity. The Federal Aviation Administration (FAA) has responded by temporarily banning drone flights over sensitive areas, including President-elect Donald Trump’s golf club and a major military research facility in New Jersey.
- Local and federal authorities, including the FBI and Homeland Security, are investigating the incidents. New Jersey Governor Phil Murphy has assured the public that there is no known threat at this time.
- Officials urge residents to report any information or footage of these objects to the FBI at 1-800-225-5234 or via their online tip portal.
FCC Proposes New Cybersecurity Rules for Telecoms
Article Link: https://www.darkreading.com/cyberattacks-data-breaches/fcc-new-cybersecurity-rules-telecoms
- The Federal Communications Commission (FCC) has proposed new rules requiring telecom companies to secure their networks against unauthorized access and submit annual certifications of their information security risk management plans.
- This initiative responds to breaches by the Chinese state-sponsored group “Salt Typhoon,” which infiltrated at least eight U.S. telecom firms, including Verizon and AT&T, compromising sensitive data.
- The proposal aims to strengthen national security by ensuring that telecom networks are protected against sophisticated cyber threats, thereby safeguarding consumer data and communications infrastructure.
- Telecom providers are encouraged to develop comprehensive information security plans, conduct regular security audits, and promptly address vulnerabilities to comply with the proposed FCC regulations.
U.S. Offers $5 Million for Info on North Korean IT Worker Farms
Article Link: https://www.bleepingcomputer.com/news/security/us-offers-5-million-for-info-on-north-korean-it-worker-farms/
- The U.S. State Department is offering a reward of up to $5 million for information leading to the disruption of North Korean front companies and their IT workers, who have illicitly generated over $88 million through remote employment schemes.
- These workers, employed by China-based Yanbian Silverstar and Russian-based Volyasys Silverstar, used stolen identities to secure freelance IT jobs worldwide, funneling earnings to North Korea’s weapons programs.
- This operation violates international sanctions and poses substantial security risks as the funds support North Korea’s prohibited nuclear missile development.
- The State Department is urging individuals with relevant information to come forward so these networks can be dismantled to prevent further exploitation of businesses around the world.
Ivanti Patches Critical Flaws in Connect Secure, Cloud Services Application
Article Link: https://www.securityweek.com/ivanti-patches-critical-flaws-in-connect-secure-cloud-services-application/
- Ivanti has released patches for critical vulnerabilities in its Cloud Services Application (CSA), Connect Secure (ICS), and Policy Secure (IPS) products.
- The most severe flaw, CVE-2024-11639, is an authentication bypass in the CSA admin web console, allowing remote, unauthenticated attackers to gain administrative access.
- Additional vulnerabilities include command injection (CVE-2024-11772) and SQL injection (CVE-2024-11773) in the CSA, both enabling remote code execution.
- Ivanti has addressed these issues in CSA version 5.0.3 and recommends users update promptly to protect their systems.
Rhode Island Hit by Data Breach as Hackers Demand Ransom
Article Link: https://www.reuters.com/technology/cybersecurity/rhode-island-hit-by-data-breach-hackers-demand-ransom-2024-12-15/
- Rhode Island’s RIBridges system, which manages government assistance programs, suffered a data breach compromising personal and financial information of hundreds of thousands of residents.
- An international cybercriminal group infiltrated the system earlier this month, stealing sensitive data and demanding a ransom to prevent its release.
- Affected individuals include users of SNAP, Temporary Assistance for Needy Families, and HealthSource RI since 2016. In response, Deloitte, the system’s vendor, has shut down RIBridges, requiring new applicants to temporarily use paper forms.
- Impacted households will receive notification letters with steps to protect their data and bank accounts. Authorities advise vigilance against potential fraud and recommend monitoring financial statements closely.
We Must Adjust Expectations for the CISO Role
Article Link: https://www.helpnetsecurity.com/2024/12/12/ciso-role-expectations/
- A survey by Portnox, involving 200 Chief Information Security Officers (CISOs), reveals that 99% are concerned about job security following a security breach, with 77% expressing serious concerns.
- The role of CISOs has expanded beyond technical oversight to include risk management, regulatory compliance, and strategy alignment. These pressures are amplified by increasing cyberattacks, risks from third-party vendors, and challenges tied to remote workforces.
- The shift in responsibilities has placed CISOs under greater scrutiny from boards and executives, making their role vital yet more complex as they balance security needs with limited resources.
- Organizations should consider equipping CISOs with adequate resources for hiring, technology investments, and clear communication channels with leadership to align security strategies with business goals.
- Survey: https://www.portnox.com/blog/press-releases/portnox-survey-reveals-cisos-surprising-views-on-job-security-zero-trust-mfa-and-more/
New Domain Names Such as .shop and .xyz Are Proving Popular for Cybercrime
Article Link: https://www.techradar.com/pro/security/new-domain-names-such-as-shop-and-xyz-are-proving-popular-for-cybercrime
- A study by Interisle Consulting Group, analyzing 16 million cybercrime events, found that new domains like .shop, .top, and .xyz, though only 11% of registrations, were linked to 37% of cybercrime domains from September 2023 to August 2024.
- These domains are favored by cybercriminals for their low costs, some as cheap as $1, and minimal registration requirements, enabling phishing and other scams.
- Phishing attacks linked to these domains have risen by 40%, creating risks for online users as ICANN plans to release additional generic top-level domains (gTLDs).
- Experts suggest stronger registration rules, improved verification processes, and advanced tools to detect and suspend harmful domains promptly.
- Study: https://interisle.net/insights/phishing-landscape-2024-an-annual-study-of-the-scope-and-distribution-of-phishing
ISC2 Survey Reveals Critical Gaps in Cybersecurity Leadership Skills
Article Link: https://www.infosecurity-magazine.com/news/isc2-gaps-cybersecurity-leadership/
- An ISC2 survey of 259 information security professionals reveals a lack of key leadership skills like communication, strategic thinking, and business acumen.
- The industry’s focus on technical expertise has left leadership development behind, with only 63% receiving formal training and 81% learning by observing others.
- With information security now a boardroom priority, weak leadership hinders effective communication and strategic alignment, putting organizational resilience and security at risk.
- Companies should invest in leadership training for information security professionals, focusing on communication and strategy to build well-rounded leaders capable of navigating complex business environments.
- Survey: https://www.ey.com/en_gl/insights/consulting/is-your-greatest-risk-the-complexity-of-your-cyber-strategy
- Study: https://www.isc2.org/Insights/2023/10/ISC2-Cybersecurity-Workforce-Study-Demand-Strong-for-Cloud-and-AI-Skills-while-Workforce-Gap-Expands
Researchers Crack Microsoft Azure MFA in an Hour
Article Link: https://www.darkreading.com/cyberattacks-data-breaches/researchers-crack-microsoft-azure-mfa-hour
- Researchers found a critical flaw in Microsoft Azure MFA, enabling attackers to bypass security and access user accounts within an hour.
- The flaw stemmed from a lack of rate limiting, allowing attackers to flood the system with guesses, while codes remained valid for an extended 2.5-minute window.
- Over 400 million Microsoft 365 users were at risk of account takeovers, exposing sensitive data until Microsoft patched the issue in October 2024.
- Organizations should adopt MFA solutions with rate limiting and shorter code validity while performing regular security assessments to protect accounts.
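The two controls recommended above, as an added example that is not code from the article or from Microsoft: a TOTP (RFC 6238) verifier that bounds how many past time steps it accepts and locks an account after repeated failures. The class name MfaVerifier, its parameters and defaults, and the sample secret and clock are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class MfaVerifier:
    """Hypothetical verifier: bounded validity window plus per-account lockout."""

    def __init__(self, past_steps=1, max_failures=5, lockout_seconds=900):
        self.past_steps = past_steps        # how many older steps still pass
        self.max_failures = max_failures    # consecutive failures before lockout
        self.lockout_seconds = lockout_seconds
        self._failures = {}                 # account -> consecutive failures
        self._locked_until = {}             # account -> unlock timestamp

    def verify(self, account, secret, code, now):
        if now < self._locked_until.get(account, 0):
            return "locked"                 # refuse before comparing any code
        for back in range(self.past_steps + 1):
            expected = totp(secret, now - back * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self._failures[account] = 0
                return "ok"
        # Count failures per account, not per session, so that opening a new
        # session does not reset the guess budget.
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= self.max_failures:
            self._locked_until[account] = now + self.lockout_seconds
            self._failures[account] = 0
        return "denied"

# Constructed sample: RFC 6238 test secret and a fixed clock for repeatability.
SECRET, NOW = b"12345678901234567890", 1_700_000_000

def demo():
    stale = totp(SECRET, NOW - 150)  # code issued 2.5 minutes earlier
    return (MfaVerifier(past_steps=5).verify("alice", SECRET, stale, NOW),
            MfaVerifier(past_steps=1).verify("alice", SECRET, stale, NOW))
```

demo() contrasts a verifier that still accepts a 2.5-minute-old code with one that only tolerates a single previous step.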
