DHS to simplify cyber incident reporting rules, UK passes the Online Safety Bill, PIILOPUOTI marketplace takedown
DHS council seeks to simplify cyber incident reporting rules
On Tuesday, the Department of Homeland Security’s (DHS) Cyber Incident Reporting Council delivered a 100-page report that recommends revamping cyber incident reporting requirements imposed upon US critical infrastructure operators. The Cyber Incident Reporting Council is composed of the Office of the National Cyber Director, Federal Trade Commission and the Departments of Energy, Treasury, Defense and Justice. The report found that critical infrastructure entities face a dizzying 45 active reporting requirements from 22 different federal agencies with an additional five under consideration. Harmonizing these requirements is expected to help both the private sector and federal government better understand the threat landscape while helping them prioritize their efforts.?
UK passes the Online Safety Bill?
On Tuesday, the British government’s controversial Online Safety Bill finally completed its passage through parliament. Notably, the bill does not include a ban on end-to-end encryption, which tech companies claimed would nullify user protections with some even threatening to pull their services out of the country instead of compromising this feature. The law does contain a provision that could require messaging platforms to use “accredited technology” to identify certain content, like terrorism and child sexual abuse material (CSAM), if they are ordered to do so by the communications regulator, Ofcom. It should be noted that no accredited technology currently exists, and Ofcom is yet to set out how it would go about accrediting such technology.
(The Record and Techdirt)
Finland and Europol take down PIILOPUOTI marketplace
Law enforcement officials in Finland joined forces with Europol and cybersecurity firm, Bitdefender, to take down the PIILOPUOTI dark web marketplace. According to Finnish Customs, the platform operated on the Tor Network since May 2022, allowing people to smuggle and sell drugs and paraphernalia into Finland. Bitdefender confirmed it provided guidance to law enforcement agencies, saying, “This operation is a prime example of the public and private sector pooling resources and working together to disrupt illegal online activities.”
Clorox products running short amidst cyberattack cleanup
Last month, Clorox said via an SEC filing that cyberattackers had caused disruption requiring significant cleanup efforts. In an incident update filed with the SEC this week, Clorox said it the cyberattack caused “widescale” disruptions and forced the company into “manual ordering and processing procedures” and a “reduced rate of operations.” As a result, Clorox is experiencing “an elevated level of consumer product availability issues.” The company said it’s still repairing its IT infrastructure and won’t start transitioning back to automated order processing until next week.
Thanks to our sponsor, Hyperproof
领英推荐
Hackers breached International Criminal Court’s systems
On Tuesday, the International Criminal Court said it was responding to a “cybersecurity incident” causing “anomalous activity” on its IT systems. The ICC said it is currently investigating the incident with the assistance of Dutch authorities. The ICC also outlined plans to strengthen its cybersecurity defenses, including expediting the adoption of cloud technology. The ICC, which is investigating war crimes in Ukraine, has had to fend off similar threats in the past, as last year, it stopped a Russian spy from infiltrating the court by posing as a Brazilian intern.
Threat actor leverages new Linux backdoor in espionage campaign
Researchers have identified a Chinese-linked threat actor known as ‘Earth Lusca,’ conducting cyber espionage campaigns dating back to 2021. In the first half of 2023, Earth Lusca has been? primarily targeting government departments involved in foreign affairs and technology and telecommunications in Southeast Asia, Central Asia and the Balkans. The researchers were able to decrypt a version of the threat actor’s payload, which they found on VirusTotal, thereby uncovering a previously unknown Linux-targeted backdoor, which they named ‘SprySOCKS’. This backdoor originates from the open-source Windows backdoor Trochilus, with several functions being re-implemented for Linux systems.
You should probably patch that (Trend Micro and GitLab)
Trend Micro fixed a critical severity remote code execution zero-day vulnerability in Trend Micro’s Apex One endpoint protection solution that was actively exploited in attacks. The flaw (tracked as CVE-2023-41179) is rated 9.1 on the CVSS scale and exploits a bug in a third-party uninstaller module supplied with the security software. Trend Micro has provided a full list of vulnerable products and encouraged customers to update to the latest versions as soon as possible.?
And GitLab has released security fixes for a critical vulnerability that allows attackers to run pipelines as other users via scheduled security scan policies. The flaw (assigned CVE-2023-4998 and a 9.6 CVSS score) impacts GitLab Community Edition (CE) and Enterprise Edition (EE) versions 13.12 through 16.2.7 and versions 16.3 through 16.3.4. The flaw could result in attackers accessing sensitive information or abusing the impersonated user’s permissions to run code, modify data, or trigger specific events within GitLab. Again, customers are strongly urged to upgrade to the latest versions.
FTC denies blame for Microsoft Xbox leak
Late Monday evening, what some are describing as the “biggest leak in Xbox history” took place and apparently stemmed from Microsoft’s dealings with the FTC related to the Activision Blizzard acquisition. In addition to documents related to the acquisition, Microsoft appears to have also accidentally uploaded a series of highly sensitive PDFs and slides that revealed Microsoft’s plans for Xbox, including new consoles, Game Pass fees, expected subscriber growth rates, and an upcoming games list. On Tuesday, the FTC confirmed that Microsoft was responsible for the errant file upload. A judge has ordered the removal of the documents with final exhibits due for re-upload by September 22.?
Got love the pun from Clorox: " disruption requiring significant cleanup efforts."