Cyber Connections News Roundup: July 26

Posted on July 26, 2022 by Alex Kasten in Cyber News, Cyber Trends and tagged Spotlight.

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

July 26

T-Mobile Settles for 2021 Cyberattack

According to an article on www.cybersecuritydive.com, T-Mobile has agreed to $500M settlement for the class-action lawsuit stemming from the massive data breach it suffered in 2021. The settlement, reached on July 22, still requires final court approval. It includes a $350 million payment to members of the class action and its related legal costs. T-Mobile also agreed to invest an additional $150 million in data security and cybersecurity technology in 2022 and 2023. The data breach was widely regarded as the largest carrier breach on record, marking the fifth publicly acknowledged security incident for T-Mobile in three years. Read more.

Web Application Threats Continue to Plague Healthcare

According to a recent report on https://healthitsecurity.com, basic web application attacks have overtaken miscellaneous errors in causes of breaches in the healthcare sector. According to the Verizon Business 2022 Data Breach Investigations Report (DBIR), basic web application attacks, miscellaneous errors, and system intrusions represented 76 percent of all healthcare breaches. The HHS Health Sector Cybersecurity Coordination Center (HC3) and the HHS 405(d) Program outlined the definition and characteristics of web application attacks and explored how they threaten healthcare cybersecurity in its latest brief. Examples include online forms, spreadsheets, email programs, patient portals, EHR systems, patient monitoring applications with IoT devices, and online pharmacies. Read more.

TSA Revises and Reissues Cybersecurity Requirements for Pipeline Owners and Operators

According to a press release from the Transportation Security Administration (TSA), the agency has revised and reissued its Security Directive regarding oil and natural gas pipeline cybersecurity. Developed with input from industry stakeholders and federal partners, including the Cybersecurity and Infrastructure Security Agency (CISA), the reissued security directive extends cybersecurity requirements for another year, and focuses on performance-based – rather than prescriptive – measures to achieve critical cybersecurity outcomes. Following the May 2021 ransomware attack on a major pipeline, this version of the security directive continues to take steps that protect transportation infrastructure from evolving cybersecurity threats. Read more.

Are You Cyber Safe For Summer Travel Season?

It is critical to understand the tools we need to protect ourselves while traveling, according to a recent article on www.traveldailynews.com. Often, travel is a time when we’re rushed, tired, and vulnerable to cybersecurity fraud. It’s a time when we need the internet, and so we connect to unsecured Wi-Fi hotspots. We may find ourselves removed from a focus on our device security that is needed to remain protected. Most experts agree that the following suite of cybersecurity tools is essential while traveling: a Virtual Private Network, an antivirus suite, a malware suite, and a privacy-focused browser. Read more.

The Cybersecurity Job Market Continues to Stay Hot

In 2017, the global cybersecurity industry had an approximate market size of $86.4 billion, according to research conducted by Gartner, a tech research and consulting firm. By 2027, the global cybersecurity market is expected to grow nearly 80% from where it was in 2017, according to market research company BrandEssence. According to a recent article on www.fortune.com, BrandEssence projects that the global cybersecurity market will reach $403 billion; that’s with a compound annual growth rate of 12.5% between 2020 and 2027. According to the article, this rapid growth is a result of the interplay between the actions of cybercrime actors and the intelligence agencies that are trying to keep pace. Read more.

Cyber Connections News Roundup: July 12

Posted on July 12, 2022 by Alex Kasten in Cyber News, Cyber Trends and tagged Featured.

Get the latest cybersecurity news from leading companies, news outlets and blogs.

July 12

Police Database Breach in China May Be Largest Ever

In what may be the largest breach in history, unnamed hackers recently breached the personal data of 1 billion Chinese citizens from a Shanghai police database, according to a recent report on www.washingtonpost.com. In a post on an underground hacker forum, an anonymous poster or a group advertised the availability of the data and released a sample that purportedly contained 750,000 records. The asking price for the entire 23-terabyte database was 10 bitcoin, or about $200,000. The post has since been locked by the site. Read more.

New Tech Fund Focuses Efforts on AI and Cybersecurity

An investment fund supported by the White House and partially bankrolled by tech leaders Peter Thiel, Eric Schmidt and Craig Newmark will support innovation in artificial intelligence, quantum computing, fusion, microelectronics, 6G cellular technology, advanced manufacturing and synthetic biology, according to a report on www.cyberscoop.com. The fund, called America’s Frontier Fund (AFF), is projected to give the U.S. the edge over China in cybersecurity as it will focus machine learning’s increasing role in cyberwarfare. Read more.

North Korean Threat Actors Targeting the Healthcare and Public Health Sector

According to a recent report on https://threatpost.com, threat actors from North Korea have been using Maui ransomware since at least May 2021 to target organizations in the healthcare and public health sector, according to a joint advisory issued Wednesday by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury (Treasury). Several federal agencies are warning healthcare organizations that they are under threat of attacks from North Korean state-sponsored actors employing a unique ransomware that targets files with surgical precision, according to U.S. federal authorities. Read more.

Pro-Russian “Hacktivists” Target Congress Website

According to an article on www.cyberscoop.com, a pro-Russian cybercrime group attacked the Congress.gov web domain on July 7, resulting in temporary down time that “briefly affected public access,” according to a Library of Congress source. The group, KillNet, posted a video that included a 503 error page alongside an image of President Joe Biden. The group issued the following message on its Telegram channel: “They have money for weapons for the whole world, but not for their own defense.” KillNet is one of several pro-Russian cybercriminal groups to emerge in the wake of the Feb. 24 Russian invasion of Ukraine. Read more.

Apple Offers $2M to Break its New Lockdown Mode

According to a recent report on www.forbes.com, Apple announced a new Lockdown Mode that will be available in iOS 16, scheduled to launch later this year. To ensure that Lockdown Mode protects high-value targets for hacking, Apple is offering up to $2,000,000 prizes for hackers who can find Lockdown Mode bypasses and break in. At the same time Apple is donating $10 million “to support organizations that investigate, expose, and prevent highly targeted cyberattacks.” Apple will also donate any damages it wins in its lawsuit against the NSO Group, a well-known cyber intelligence and security group that makes spyware such as Pegasus. Read more.

Cyber Connections News Roundup: June 28

Posted on June 28, 2022 by Alex Kasten in Cyber News, Cyber Trends and tagged Featured.

Get the latest cybersecurity news from leading companies, news outlets and blogs.

June 28

Cybersecurity Workforce Program Act Signed into Law

According to a White House press release, on Tuesday, June 21, S. 1097, the “Federal Rotational Cyber Workforce Program Act of 2021,” which establishes a Federal rotational cyber workforce program for the Federal cyber workforce, was signed into law. The program allows some federal employees to be enlisted in rotational cyber positions in various agencies, as well as provide agencies the needed authorization to identify eligible employees. Read more.

Experts Warn of Black Basta Ransomware Threat

A recent article on https://thehackernews.com reports that the Black Basta ransomware-as-a-service (RaaS) syndicate has amassed nearly 50 victims in the U.S., Canada, the U.K., Australia, and New Zealand within two months of its emergence, making it a prominent threat. Black Basta has been observed targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, plumbing and heating, automobile dealers, undergarments manufacturers, and more, according to the report. Like other ransomware operations, Black Basta is known to employ a double extortion tactic to steal sensitive information from the targets and threaten to publish the stolen data unless a digital payment is made. Read more.

“Slow Thinking” May Lead to Better Cyber Training and Protections

A recent article on www.forbes.com stresses the importance of “slow thinking” to combat cybersecurity threats. In his book Thinking, Fast and Slow, Daniel Kahneman, a behavioral economist and Nobel Prize winner, maintains that we are on autopilot, or, fast thinking, about 95% of the time. When it comes to preparing employees to be on the front lines in defense against cybersecurity threats, being on autopilot is not good. Slow thinking, he says, leads to more well-reasoned and more accurate decisions. Moving to a slow thinking approach requires taking human nature into account when writing policies, designing processes or purchasing and deploying technology. Read more.

Expansion of Privacy Rights Top Among Gartner Cybersecurity Predictions for 2022-23

In the opening keynote at the Gartner Security & Risk Management Summit in Sydney, Australia, leaders at Gartner discussed the top predictions prepared the company’s cybersecurity experts. Leading the way is the expansion consumer privacy rights. As of 2021, almost 3 billion individuals had access to consumer privacy rights across 50 countries, and privacy regulation continues to expand. The company predicts that by 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform. Read more.

Many Hospitals Sending Personal Information to Facebook According to Report

According to a report on https://themarkup.org, a tracking tool installed on many hospital websites has been collecting patients’ sensitive health information—including details about their medical conditions, prescriptions, and doctor’s appointments—and sending it to Facebook. Markup tested the websites of Newsweek’s top 100 hospitals in America. On 33 of them the organization found the tracker, called the Meta Pixel, sending Facebook a packet of data whenever a person clicked a button to schedule a doctor’s appointment. The data is connected to an IP address—an identifier that’s like a computer’s mailing address and can generally be linked to a specific individual or household—creating an intimate receipt of the appointment request for Facebook. Read more.

Cyber Connections News Roundup: June 14

Posted on June 14, 2022 by Alex Kasten in Cyber News, Cyber Trends and tagged Featured.

Get the latest cybersecurity news from leading companies, news outlets and blogs.

June 14

Russia Escalates Threats to West for Cyberattacks

According to a recent report on www.cyberscoop.com, a Russian official threatened the West last week over cyberattacks against its infrastructure. “The militarization of the information space by the West and attempts to turn it into an arena of interstate confrontation, have greatly increased the threat of a direct military clash with unpredictable consequences,” the Russian foreign ministry’s head of international information security said in a statement first reported by Reuters. Although while the threats sound serious, cybersecurity and Russia experts say they are typical of Russian bombast. Read more.

Illumina Software Vulnerability Could Lead to Altered Medical Test Results

The Department of Homeland Security has issued a cybersecurity alert about Illumina software. According to a recent article on www.medtechdive.com, the Cybersecurity and Infrastructure Agency (CISA), which is a part of DHS, released the notice after learning of a problem that could allow an attacker to take control remotely and impact patient test results in the instruments intended for clinical diagnosis. Illumina is a developer and manufacturer of integrated systems for the analysis of genetic variation and biological function. Read more.

Environmental Policymakers Warn of Water Treatment Cyber Attacks

Last week the Center on Cyber and Technology Innovation (CCTI) and the Cyberspace Solarium Commission (CSC 2.0) issued policy statements which warned that water may be the greatest vulnerability in our national infrastructure. As reported on www.threatpost.com, the policy statements detail how industrial controls governing water-related U.S. critical infrastructure are woefully under-estimated as cyberattack targets. Limited budgets and limited cybersecurity personnel needed to respond to threats make water treatment facilities particularly vulnerable, according to the statements. Read more.

Chinese Hackers Possibly at the Root of Backdoored Apps that Drain Funds

According to a recent report on https://thehackernews.com, a threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims’ funds. First discovered in March 2022, the cluster of activity suggests a strong relationship with a Chinese-speaking entity yet to be uncovered. Targeted apps include Android and iOS versions of Coinbase Wallet, MetaMask, TokenPocket, and imToken. Read more.

Army to Double Size of Active Duty Cyber Corps

According to an article on www.fedscoop.com, the Army intends to double the size of its active-duty cyber corps by the end of the decade, including boosting its electronic warfare capacity, according to service officials. The service is putting more emphasis on these types of capabilities to compete with advanced adversaries such as China and Russia. The service plans to increase the size of its cyber branch across all components from just over 5,000 personnel today to just over 7,000 by 2030. Read more.

Cyber Connections News Roundup: May 31

Posted on May 31, 2022 by Alex Kasten in Cyber News, Cyber Trends and tagged Featured.

Get the latest cybersecurity news from leading companies, news outlets and blogs.

May 31

Russian Invasion of Ukraine Reveals Future of AI and Automation in Warfare

According to an article on www.fedscoop.com, Russia’s ongoing invasion of Ukraine is offering national security experts a view into the future of artificial intelligence and automation in modern warfare. Although much of the destruction has been the result of conventional military systems, the use of unmanned systems, remotely piloted systems and autonomous systems has caught the attention of military experts. For example, experts believe that the effective use of unmanned systems operating in this conflict suggest the use of artificial intelligence. Read more.

Car Hacking Is Emerging as a Global Threat

A recent article on https://punchng.com examines the emergence of car hacking, made possible when someone takes control of a car’s computer system remotely over the internet through Bluetooth pairing or physical access to connectors and ports. With modern technology, carjacking, jamming, cloning key fobs, defeating immobilizers and scanners are different methods used by hackers to steal someone else’s car. The article describes a vulnerability in some Honda and Acura models that allows hackers to unlock the cars and start the engines wirelessly. Read more.

Somerset County, New Jersey Victim of Ransomware Attack

Somerset County, New Jersey fell victim to a ransomware attack that forced officials to switch off their computers and set up temporary Gmail accounts so the public could contact key agencies such as the health, emergency and sheriff’s departments. According to a recent report on www.cnn.com, the hacking incident in the central New Jersey County began on May 24 and disrupted services that rely on the county’s databases, including accessing land and probate records. It was unclear who was responsible for the hack, which remains under investigation. Read more.

Verizon’s 2022 Data Breach Report Shows Increase in Ransomware Breaches

The Verizon 2022 Data Breach Report is out and among the key takeaways for this year ransomware has continued its upward trend with an almost 13% increase (for a total of 25% of breaches)—a rise as big as the past five years combined. Supply chain was involved in 61% of incidents this year. The report also found that error continues to be a dominant trend and is responsible for 14% of breaches. This finding is heavily influenced by misconfigured cloud storage. The human element continues to drive breaches. This year, 82% of breaches involved the human element. Read more.

Ransomware Attacks are Higher than Ever

According to a recent report on www.washingtonpost.com, a group of top cyber experts that released a task force report one year ago laying out 48 detailed recommendations to combat ransomware attacks today report that these attacks are as high as ever, with victims paying over $600 million in payments in 2021. Ransomware payments by victims spiked 70 percent in 2021 over the previous year’s levels. Although government and industry have devoted resources to combating ransomware during the past year, data suggests ransomware attacks have held steady or are increasing and many of the likeliest victims, including schools and small businesses, are no better protected than they were one year ago. Read more.

Cyber Connections News Roundup: May 17

Posted on May 17, 2022 by Alex Kasten in Cyber News, Cyber Trends and tagged Featured.

Get the latest cybersecurity news from leading companies, news outlets and blogs.

May 17

First Six HCBUs to Receive IBM Cybersecurity Leadership Centers

According to a recent report on www.voanews.com, six historically Black universities (HBCUs) in five Southern states will be getting the first IBM Cybersecurity Leadership Centers aimed at training underrepresented communities, the company said. The schools are Xavier University of Louisiana, that state’s Southern University System, North Carolina A&T, South Carolina State, Clark Atlanta and Morgan State universities. The centers will give students, staff, and faculty access to modern technology, resources, and skills development, as well as further enhance ongoing activities on several key areas, including cybersecurity, data science analytics, cloud computing, IOT, blockchain, design thinking, quantum computing, and artificial intelligence. IBM first announced its pledge to partner with HBCUs in 2021. Read more.

Maryland Governor Hogan Signs Cybersecurity Legislation to Bolster Resources and Assistance

Maryland Governor Larry Hogan last week signed measures to strengthen cybersecurity in state and local governments in the State after lawmakers approved legislation earlier in the year to protect vital systems against cyberattacks. According to a report on www.washingtonpost.com, one of the measures aims to help local governments, school systems and health departments work with more resources and assistance from the Maryland Emergency Management Agency to improve cybersecurity. The bipartisan legislation calls for roughly $570 million in cybersecurity and information technology upgrades. That includes about $200 million for cybersecurity and nearly $334 million for information technology development projects. Read more.

Microsoft Introduces New and Expanded Security Service

Microsoft recently announced that it is offering new and expanded services for security under a new service category, Microsoft Security Experts, according to the company. Security Experts includes three new managed services—Microsoft Defender Experts for Hunting, Microsoft Defender Experts for extended detection and response (XDR), Microsoft Security Services for Enterprise—as well as two existing services, Microsoft Security Experts for Modernization, and Microsoft Security Experts for Incident Response. Read more.

Costa Rica Declares State of Emergency Over Ransomware Attack

According to a recent article on www.nbcnews.com, hackers crippled computer networks across multiple government agencies in Costa Rica, including the Finance Ministry. As a result, Costa Rica has declared a state of emergency. The official declaration, published on a government website Wednesday, said that the attack was “unprecedented in the country” and that it interrupted the country’s tax collection and exposed citizens’ personal information. The hackers initially broke into the Finance Ministry on April 12, it said. They were able to spread to other agencies, including the Ministry of Science, Technology and Telecommunications and the National Meteorological Institute. Read more .

SEC Bolsters Crypto Unit to Combat Rising Fraud

According to a recent article on www.cyberscoop.com, hackers have defrauded more than $1 billion from cryptocurrency investors to date this year. As a result of rise in fraud, the U.S. Securities and Exchange Commission has announced that it is going to double its staff working to resources to combat the rise in fraud. The bolstered Crypto Assets and Cyber Unit will be at the forefront of protecting investors and ensuring fair and orderly markets in the face of these critical challenges. The unit has brought more than 80 proceedings against companies and individuals in relation to fraudulent and unregistered crypto asset offerings and platforms, according to an SEC press release. Read more.

Cyber Connections News Roundup: May 3

Posted on May 3, 2022 by Alex Kasten in Cyber News, Cyber Trends and tagged Featured.

Get the latest cybersecurity news from leading companies, news outlets and blogs.

May 3

Stormous Claims Credit for Recent Ransomware Attack on Coca-Cola

A recent report on www.securityboulevard.com claims that a recent ransomware attack Coca-Cola in Brazil was perpetrated by the ransomware group Stormous, a Russian-affiliated threat actor. The group, active since 2021, recently announced its support for the Russian government and its intention to attack Ukrainian government institutions, according to the article. Stormous said it had hacked some of the company’s servers and passed a large amount of data inside them without their knowledge, and we want to sell it to someone else. Read more.

Opening Twitter’s Algorithms to the Public Exposes the Company to Risk

Upon striking a deal to buy Twitter for $44 billion on April 25, Tesla’s Elon Musk suggested that he will make Twitter’s algorithms available to the public. According to a recent article on www.cyberscoop.com, sharing Twitter’s code doesn’t necessarily pose a cybersecurity threat, but exposing code does expose potential vulnerabilities that criminals and disinformation operators can use to sow havoc. The idea of open sourcing code means that both good and bad actors can inspect it. We don’t know yet what code Musk plans to make available, but we do know that every nation-state hackers will be eager to find out. Read more.

New Survey Shows the Many Companies Focus on Role of Hardware in Cybersecurity

A recent article on www.forbes.com highlights the findings of a recent Ponemon Institute survey commissioned by Intel to examine trends in cybersecurity budgets and how organizations are allocating that money to try and stay a step ahead of attackers. In the survey Ponemon found that 36% of respondents say they have adopted hardware-assisted security solutions and another 47% of respondents say their organizations will adopt these solutions in the next six months (24%) or 12 months (23%). Of those same 36% of respondents using hardware-assisted security solutions, 85% say hardware and/or firmware-based security is a high or very high priority in their organization. Read more.

Department of Energy Invests $12 Million In New Cybersecurity Research Projects

According to a recent report on www.scmagazine.com, the Department of Energy is funding behind six university-led cybersecurity research projects that look for innovative ways to securely build or design the nation’s next generation of energy systems. According to the Department of Energy, each of the six projects will receive approximately $2 million and features a university team leading the effort alongside other academic, non-profit and private sector partners. Three of the projects will focus on artificial intelligence solutions that can automate parts of the cybersecurity operations for energy systems. The universities involved include Florida International University, North Carolina State University, the University of North Carolina, Iowa State University, University of Texas El Paso, Texas A&M, Rutgers University, Oregon State University, New York University, University of Arkansas, Illinois Institute of Technology, Virginia Tech, and University of Michigan-Dearborn. Read more.

U.S. Cyber Command Awards Massive Contract to Conduct Cyber Operations Abroad

U.S. Cyber Command has awarded a nearly $60 million contract to Sealing Technologies to provide equipment to conduct defensive cyber operations abroad on the networks of partner nations, according to a recent article on www.fedscoop.com. The contract is for hunt-forward operations, which involve physically sending defensively-oriented cyber protection teams from the Cyber National Mission Force to foreign nations to hunt for threats on their networks at the invitation of host nations. Sealing Technologies’ prototyped solution will support automated deployments, configurations and data flows for cyber ops. It is modular in self-contained units that can be carried on commercial aircraft, according to the company. Read more.

Cyber Connections News Roundup: April 19

Posted on April 19, 2022 by Alex Kasten in Cyber News, Cyber Trends and tagged Featured.

Get the latest cybersecurity news from leading companies, news outlets and blogs.

April 19

FDA and Congress Are Trying to Protect Medical Devices from Hacks

A recent report on www.theverge.com examines the steps that Congress and the Food and Drug Administration have taken to protect medical devices, such as infusion pumps and imaging machines, from cyberattacks. Congress with a proposed bill and the FDA with new draft guidelines for device makers on how they should build devices that are less likely to be hacked. The FDA has updated guidelines introduced in 2018 with a new draft based on feedback from manufacturers and other experts and changes in the medical device environment over the past few years. Meanwhile, Congress proposed the Protecting and Transforming Cyber Health Care (PATCH) Act, which would require device manufacturers to have a plan to address any cybersecurity issues with their devices. Read more.

U.S. Charges Four Russians For Global Energy Hacks

According to a recent article on www.theguardian.com, the United States Justice Department has unveiled criminal charges against four Russian government officials, saying they engaged in two major hacking campaigns between 2012 and 2018 that targeted the global energy sector and affected thousands of computers across 135 countries. In one unsealed indictment from August 2021, the DoJ said three alleged hackers from Russia’s Federal Security Service carried out cyberattacks on the computer networks of oil and gas firms, nuclear power plants, and utility and power transmission companies across the world between 2012 and 2017. In a second unsealed indictment from June 2021, the DoJ accused Evgeny Viktorovich Gladkikh, a Russian ministry of defense research institute employee, of conspiring with others to hack the systems of a foreign refinery and install malware known as “Triton” on a safety system produced by Schneider Electric. Read more.

Cybersecurity at Home: Children Are the Weak Link

According to a recent article on www.forbes.com, the most important vector within our homes that we often neglect are children. Kids, tweens and teens are often the most unsecured consumers, yet they are some of the most highly connected vectors, especially as they are now using new technology like cryptocurrency and starting to explore the metaverse. The targeting of kids is expected to come even more into the mainstream as cybercriminals continue to try and make use of consumer vulnerabilities. Education around gaming safety, providing security software, and basic cyber hygiene offer a good starting point. Read more.

State Department Cyber Bureau Officially Launches

The Bureau of Cyberspace and Digital Policy officially launched Monday at the State Department, according to a recent report on www.cyberscoop.com. The bureau will address the national security challenges, economic opportunities, and implications for U.S. values associated with cyberspace, digital technologies, and digital policy, according to a news release. The bureau eventually will be led by a Senate-confirmed ambassador-at-large. For now, Jennifer Bachus, a career member of the Senior Foreign Service, is serving as Principal Deputy Assistant Secretary for the CDP bureau. Read more.

Craig Newmark Donates $50 Million for Citizen Cyber Defense

According to a recent report on www.washingtonpost.com, philanthropist and Craig’s List founder Craig Newmark is donating $50 million to what he’s calling a “civil cyber defense” effort aimed at broadly raising cybersecurity standards for small businesses and regular U.S. citizens. The concept was inspired by people who performed non-military services during World War II, such as building victory gardens. The funding will be aimed broadly at building and promoting cybersecurity tools that are easy for average citizens to use, pushing companies to make technology more secure by default and publicizing vetted information about which products are most secure. Read more.

Cyber Connections News Roundup: April 5

Posted on April 5, 2022 by Alex Kasten in Cyber Careers, Cyber News and tagged Featured.

Get the latest cybersecurity news from leading companies, news outlets and blogs.

April 5

University of Maryland Global Campus to Pilot Virtual and Augmented Reality Learning Environments

University of Maryland Global Campus (UMGC) has partnered with VictoryXR, a global leader in creating learning environments through immersive technology, in a pilot program that will use virtual and augmented reality in classes in the fall 2022 term. UMGC is one of 10 schools in the initial phase of the program that will implement a “digital twin campus” for students, whether they are enrolled in a face-to-face class or studying online. “This is an opportunity to be a leader and early pioneer in leveraging the metaverse, which will represent a radical paradigm shift in online education and the end-to-end learner experience,” said Doug Harrison, vice president and dean of the School of Cybersecurity and Information Technology. Read more.

FBI Issues Ransomware Warning to Local Governments

According to a recent article on www.securityweek.com, the Federal Bureau of Investigation (FBI) warned local government entities of ransomware attacks disrupting operational services, causing public safety risks, and causing financial losses. In a private industry notification, the FBI noted that local government entities within the government facilities sector (GFS) represented the second most targeted group following academia, based on victim incident reporting throughout 2021. Read more.

Senators Aim to Strengthen Cybersecurity in Healthcare

To protect the healthcare system and patient data from cyberattack, on March 23, U.S. Senators Bill Cassidy, M.D. (R-LA) and Jacky Rosen (D-NV) introduced the Healthcare Cybersecurity Act. According to a report on www.hcinnovationgroup.com, the act aims to direct the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to work together on how to improve cybersecurity processes in hospitals and health systems. Among other items, the bill would require CISA and HHS to collaborate to improve cybersecurity in the healthcare and public health sector. Read more.

Millions Work in Cybersecurity But Jobs Remain Unfilled

About one million people work in cybersecurity in the U.S., but nearly 600,000 positions remain unfilled, according to a recent article on www.bloomberg.com, citing data from CyberSeek. Of those, 560,000 are in the private sector. Citing a Gartner TalentNeuron study, the article says that during the last 12 months job openings have increased 29%, more than double the rate of growth between 2018 and 2019. With so many employees using their home networks and computers, phishing attempts soared, as did ransomware attacks on businesses, schools, hospitals and other organizations, which has further increased the demand for cybersecurity positions such as software developers, vulnerability testers, network engineers and cybersecurity analysts. Read more.

Recent Axie Infinity Heist Exposes Vulnerabilities in the Crypto Sector

According to a recent report on www.cyberscoop.com, the cryptocurrency used to play the Pokémon-inspired blockchain game Axie Infinity was the target of a March 23 crypto heist of more than $600 million, one of the largest in history. The hack can be traced back to November 2021 when Sky Mavis, the company behind Axie Infinity, asked Axie DAO for support distributing free transactions due to an immense user load. The arrangement continued until December 2021. The frequency of hacks on the cyrpto sector raise questions about both loss of confidence in the sector and the need for regulators to step in to protect the public. Read more.

Cyber Connections News Roundup: March 22

Posted on March 22, 2022 by Alex Kasten in Cyber News, Cyber Trends and tagged Featured.

Get the latest cybersecurity news from leading companies, news outlets and blogs.

March 22

Lawmakers Fear Cryptocurrency Will Offer Russia

Lawmakers on both sides of the aisle are worried that cryptocurrency will serve as a way for Russia to evade sanctions, according to a recent report on http://rollcall.com. Bitcoin and other cryptocurrencies could undermine the effectiveness of sanctions against Russia after its invasion of Ukraine, the lawmakers say, but other tech experts believe that cryptocurrency provides greater transparency for law enforcement. To date, U.S. government agencies have reported little indication of such evasion from Russian oligarchs and other sanctioned individuals or organizations. Read more.

Gender Diversity in Cybersecurity Starts with Early Education and Overcoming Biases

Historically, women’s path to STEM-related careers has been challenging, whether through unconscious bias, lack of early education and mentoring, or work-life balance hurdles. According to the latest research by the non-profit cybersecurity certification group (ISC)², men continue to dramatically outnumber women in the field—only 24 percent of cybersecurity professionals are female—and pay disparity persists. What is the most effective way to close the gender gap in cybersecurity? Loyce Pailen, Valorie King, and Tamie Santiago, members of the University of Maryland Global Campus School of Cybersecurity & Information Technology faculty, share their opinions on the ways we can close the gender gap in cybersecurity. Read more.

Cybersecurity in the Wake of the Russian Invasion of Ukraine

A recent article on www.bloomberg.com examines the prospect of an increase in Russian cyberattacks as sanctions pile up and cripple Russia’s economy. The article speculates that as Russia transforms into an isolated rogue state, cybercrime syndicates may emerge from the Kremlin to generate revenue by using ransomware, financial malware and cryptocurrency theft. According to the article, this move would clarify what security analysts believe to be an unofficial relationship between the government and hacking gangs that has existed for years. Read more.

Google Fortifies Cloud Security with Purchase of Mandiant

According to a recent article on www.nytimes.com, in one of its largest acquisitions Google purchased cybersecurity firm Mandiant for roughly $5.4 billion. In adding more cybersecurity services, Google aims to differentiate its cloud computing business from that of Amazon and Microsoft. The acquisition of Mandiant, which is based in Virginia and has more than 2,300 employees, is Google’s second-largest deal ever, trailing only the company’s $12.5 billion acquisition of the phone company Motorola in 2011. Read more.

Chip Shortage Could Anticipate National Security Concerns

Testifying before the House Intelligence Committee earlier this month, National Security Agency Director Gen. Paul Nakasone said that China’s increasing progress toward producing enough semiconductor chips domestically to avoid relying on foreign trade is of great concern, according to a recent report on www.cyberscoop.com. China’s increasing progression toward so-called chip independence would give the Chinese more leverage to act as they please without fear of sanctions, according to Nakasone. Nakasone also suggested that China could supply chips to Russia, helping Vladimir Putin’s government evade crippling economic sanctions. Read more.