TODAY'S TOP 5
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
CISA’S NEW GLOBAL STRATEGY: The Cybersecurity and Infrastructure Security Agency (CISA) released its 2025–2026 International Strategic Plan, the agency’s first, to “improve coordination with our partners and strengthen international relationships to reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day,” said CISA Director Jen Easterly.
BIG RIG CYBER FEARS: Though the National Motor Freight Traffic Association demonstrated a physical truck hack in a Houston, Texas, parking lot at last year’s cybersecurity conference, industry experts warned this week that the top threat to trucking companies was phishing and compromised email – potential steppingstones to ransomware attacks, Commercial Carrier Journal reports.
TRACKING DEVICE: An investigation by French newspaper Le Monde found that the highly confidential movements of President Joe Biden, presidential rivals Donald Trump and Kamala Harris, and other world leaders can be easily tracked online through their bodyguards’ use of the fitness app Strava, the Associated Press reports. Le Monde said its reporters found 26 U.S. agents, 12 members of the French GSPR, the Security Group of the Presidency of the Republic, and six members of the Russian FSO, or Federal Protection Service, all of them in charge of presidential security, with public accounts on Strava that communicated their movements online.
AI SUPPORT FOR THE GRID: The White House Task Force on AI Datacenter Infrastructure met Tuesday to explore how advanced computing and software solutions, including artificial intelligence (AI), can accelerate grid integration of clean energy. The administration said that participants discussed efforts underway to get more sources of supply on the grid by addressing the backlog of projects to power the grid currently waiting in “interconnection queues,” situations where additional computing solutions can make the biggest difference, and strategies for how to pursue those opportunities.
INFRASTRUCTURE TARGETED: A recent Cyble sensor intelligence report highlighted numerous active attack campaigns targeting known vulnerabilities across critical infrastructure environments, Industrial Cybersecurity reports. Notably, there have been new attacks on the SPIP open-source CMS, while ongoing exploits persist against IoT devices. Previously reported campaigns continue to exploit vulnerabilities in PHP, Linux systems, and Java and Python frameworks. Older vulnerabilities in IoT devices and embedded systems continue to be exploited at alarming rates. New to the report are exploits of vulnerabilities that may still be present in some Siemens products and network devices.
CYBER FOCUS PODCAST
NEW: In the latest episode of Cyber Focus, host Frank Cilluffo sits down with TSA Assistant Administrator for Surface Operations Sonya Proctor to discuss the agency’s evolving role in securing pipelines and surface transportation sectors, with an emphasis on the agency's expanded cybersecurity focus following the Colonial Pipeline ransomware attack. The conversation delves into TSA's partnerships with industry, other federal agencies, and state and local law enforcement to enhance critical infrastructure protection, as well as the challenges and opportunities in integrating physical security and cybersecurity efforts.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
FROM McCRARY EXPERTS
Cyber task force has a long to-do list for next president
A group of 40 cybersecurity experts from McCrary Institute for Cyber and Critical Infrastructure at Auburn University and the Cyberspace Solarium Commission 2.0 released 39 recommendations last week to provide a roadmap for how the incoming administration can address gaps in cyber defense. The most pressing recommendations — priorities for the first 100 days of the next administration — include regulatory harmonization and a review of the national cybersecurity strategy the Biden administration released in March 2023. The recommendations also call on the administration to prioritize efforts to address the cyber workforce shortage and strengthen public-private partnerships. (CYBERSECURITYDIVE.COM )
READ THE REPORT: “Securing America’s Digital Future: A Bipartisan Cybersecurity Roadmap for the Next Administration”
Experts discuss the report’s third section of recommendations focusing on how to effectively deter and impose costs on adversaries who operate with relative impunity in the digital domain.
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Breaches
Information on missing boy lost in cyber attack
Information held by Ireland's child and family agency, Tusla, on missing Kyran Durnin was lost in a cyber attack. The data loss was first reported by the Irish Independent, with the paper quoting sources as saying that the data loss was a "matter of concern" for gardaí (Irish police) working on the boy's case. (BBC.COM )
Long Island Plastic Surgical Group confirms 161K-record data breach
Full names had been stolen in combination with some or all of the following: date of birth, Social Security number, driver’s license number/state identification number, passport number, financial account information, medical information, biometric information, health insurance policy information, and clinical photographs. (HIPAAJOURNAL.COM )
ICO: 55% of UK adults have had data lost or stolen
The UK’s privacy watchdog has issued a stern warning to the nation’s organizations to improve their data protection posture, after revealing that over half of adults have had their personal information lost or stolen. Nearly a third (30%) of victims report emotional distress, while a quarter (25%) receive no support from the breached organization. (INFOSECURITY-MAGAZINE.COM )
Influence operations
Suspicious social media accounts deployed ahead of COP29
A network of 71 suspicious accounts on X has been deployed ahead of the UN’s COP29 climate change conference. The accounts aim to give the impression of grassroots support for the Azerbaijan government, according to NGO Global Witness. (INFOSECURITY-MAGAZINE.COM )
Malware
U.S. joins international action against RedLine and META Infostealers
In conjunction with the disruption effort, the Justice Department unsealed charges against Maxim Rudometov, one of the developers and administrators of RedLine Infostealer. According to the complaint, Rudometov regularly accessed and managed the infrastructure of RedLine Infostealer, was associated with various cryptocurrency accounts used to receive and launder payments and was in possession of RedLine malware. (JUSTICE.GOV )
Phishing
Chenlun’s evolving phishing tactics target trusted brands
An ongoing, sophisticated phishing campaign has been observed targeting individuals with text messages impersonating trusted brands like Amazon. DomainTools researchers linked this activity to the threat actor Chenlun, who last year was known for exploiting USPS delivery alerts during the holiday season to lure recipients into providing sensitive information. (INFOSECURITY-MAGAZINE.COM )
Crooks are sending Halloween-themed phishing emails
Around 40% of these spam emails are malicious, attempting to trick users into installing malware, handing over login credentials, or sending money for phony purchases. A couple of scam campaigns on this topic appeared as early as late August, possibly because fraudsters were trying to prey on conscientious shoppers who like to get their seasonal décor and Halloween gear in advance. These early iterations serve as a great depiction of a typical Halloween-themed scam website. (KNOWBE4.COM )
Ransomware
Massive PSAUX ransomware attack targets 22,000 CyberPanel instances
Over 22,000 CyberPanel instances exposed online to a critical remote code execution (RCE) vulnerability were mass-targeted in a PSAUX ransomware attack that took almost all instances offline. This week, security researcher DreyAnd disclosed that CyberPanel 2.3.6 (and likely 2.3.7) suffers from three distinct security problems that can result in an exploit allowing remote root access without authentication. (BLEEPINGCOMPUTER.COM )
Recovery
The Internet Archive is finally mostly back online after a series of cyberattacks
Some people who chimed in on Reddit blamed the Internet Archive for not changing its API keys in the wake of the initial attacks, and others sympathized with the site. As a non-profit organization devoted to sharing valuable historical information, the Internet Archive has a limited budget. That means cybersecurity may get short shrift in the overall running of things. (ZDNET.COM )
MoneyGram replaces CEO weeks after massive customer data breach
The removal comes in the same month that the company confirmed it had lost an unspecified amount of personal customer information during its September cyberattack. The company has yet to describe the nature of the cyberattack, which sparked a week-long outage of its money transfer service. (TECHCRUNCH.COM )
Response
JCDC’s industry-government collaboration speeds mitigation of CrowdStrike IT outage
Leveraging its unique ability to bring together public and private sector partners, JCDC facilitated virtual engagements with over 1,000 federal agency representatives. In close collaboration with CrowdStrike, a JCDC partner, CISA provided critical updates, mitigation guidance, and analysis on the potential for malicious exploitation of the outage. (CISA.GOV )
THREATS
Artificial intelligence
Researchers uncover vulnerabilities in open-source AI and ML models
A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft. The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI, have been reported as part of Protect AI's Huntr bug bounty platform. (THEHACKERNEWS.COM )
Education
FCC’s cybersecurity pilot program for education earns an ‘A’
Schools and school districts will be eligible to receive a minimum of $13.60 per student or $15,000 (whichever is higher) to purchase eligible cybersecurity services and equipment over the program’s duration. The funding will have an immediate impact on the cybersecurity posture of participating organizations. (EDTECHMAGAZINE.COM )
What Albuquerque Public Schools learned from a cyberattack
At the start of the school day on Jan. 12, 2022, teachers in New Mexico’s Albuquerque Public Schools tried logging into the district’s student information system — but couldn’t. When teachers flagged the problem to the district’s technology team, IT staff members couldn’t get access either. It was then that the technology team knew it had a big problem, said Richard Bowman, now the district’s chief technology officer. (K12DIVE.COM )
Elections
Scammers exploit 2024 U.S. general election to perpetrate multiple fraud schemes
These scams target victims across the United States and have previously exploited state and local elections for similar scams. Scammers use the names, images, logos, and slogans of candidates to fraudulently solicit campaign contributions, sell merchandise (which is never sent to the purchaser), or steal personally identifiable information (PII) that can be used for other fraud. (IC3.COM )
Healthcare
Cyber insecurity now impacts the health and wellness of Americans. We need a clearer treatment plan
Last year, 1 in 3 Americans were affected by health care data breaches, and 133 million records were exposed. Cyberattacks against hospitals doubled in 2023 compared to 2022. According to a May survey conducted by the firm Software Advice, roughly 1 in 4 health care computer hacks impacted patient care. (CYBERSCOOP.COM )
Spyware
New LightSpy spyware targets iOS with enhanced capabilities
This latest version, identified as 7.9.0, is more sophisticated and adaptable, featuring 28 plugins compared to the 12 observed in the earlier version. Seven of these plugins are specifically designed to interfere with device functionality, with capabilities that include freezing the device and preventing it from rebooting. (INFOSECURITY-MAGAZINE.COM )
Vulnerabilities
New research reveals Spectre vulnerability persists in latest AMD and Intel processors
While the execution results of transient instructions are not committed to the architectural program state, it's still possible for them to load certain sensitive data into a processor cache through a forced misprediction, thereby exposing it to a malicious adversary that would otherwise be blocked from accessing it. (THEHACKERNEWS.COM )
New Windows Themes zero-day gets free, unofficial patches
NTLM has been extensively exploited in NTLM relay attacks, where threat actors force vulnerable network devices to authenticate against servers under their control, and pass-the-hash attacks, where they exploit system vulnerabilities or deploy malicious software to acquire NTLM hashes (which are hashed passwords) from targeted systems. (BLEEPINGCOMPUTER.COM )
Apple patches over 70 vulnerabilities across iOS, macOS, other products
iOS 18.1 and iPadOS 18.1 are now rolling out to mobile users with patches for 28 vulnerabilities that could lead to information leaks, the disclosure of process memory, denial-of-service, sandbox escape, modification of protected system files, heap corruption, and access to restricted files. (SECURITYWEEK.COM )
QNAP fixes NAS backup software zero-day exploited at Pwn2Own
QNAP has fixed a critical zero-day vulnerability exploited by security researchers on Thursday to hack a TS-464 NAS device during the Pwn2Own Ireland 2024 competition. Tracked as CVE-2024-50388, the security flaw is caused by an OS command injection weakness in HBS 3 Hybrid Backup Sync version 25.1.x, the company's disaster recovery and data backup solution. (BLEEPINGCOMPUTER.COM )
ADVERSARIES
China
China's elite cyber corps hone skills on virtual battlefields
Over the last decade, the Chinese government has established an efficient pipeline of capture-the-flag (CTF) tournaments both as a way to attract cyber-savvy citizens to cybersecurity, and as part of its cybersecurity curriculum and training regimen. The efforts have paid off. Today, the nation has more than 50 annual competitions used as part of the training of tens of thousands — and possibly, hundreds of thousands — of cybersecurity specialists, while creating stronger connections to government and industry. (DARKREADING.COM )
Russia
Russia blurring lines between physical and cyber war on the West
Over the past few years, Russia-affiliated hackers have conducted attacks against critical American and European infrastructure networks and disrupted hospital operations across the US. The scope and boldness of these attacks have increased as Russia seeks to expand its war against Ukraine and its supporters on multiple fronts. (ASIATIMES.COM )
Troll disrupts conference on Russian disinformation with ‘Zoom-bombing’
An extremely graphic pornographic video with the words “CCP ON TOP” was shown on the main presentation screen for a couple of minutes before event organizers regained control. One attendee commented in the chat, “the hand of Moscow.” Live attendees at the Washington, D.C. National Press Club were also exposed to the video. (INFORMATIONWEEK.COM )
Russia says it might build its own Linux community after removal of several kernel maintainers
Russia’s response came after the Linux community blocked 11 Russians from maintaining the Linux kernel — the operating system’s core code — citing “various compliance requirements.” Linux creator Linus Torvalds stated that this decision “is not getting reverted,” adding that as a Finn, he will not “support Russian aggression.” (THERECORD.MEDIA )
Russia arrests hacker accused of preventing electronic voting during local election
The FSB reported that the hacker had installed Ukrainian software on his personal device and attacked, among others, the IP addresses of an internet provider in the Moscow region. The attack disrupted the provider’s systems, "preventing the company from providing internet access to customers and hindering voters from participating in remote electronic voting," the agency said. (THERECORD.MEDIA )
GOVERNMENT AND INDUSTRY
Artificial intelligence
Inside the HHS reorganization to prioritize AI and emerging tech
Micky Tripathi wears many hats — assistant secretary for technology policy, national coordinator for health information technology and acting chief artificial intelligence officer — as the agency looks to expand its tech leadership. (NEXTGOV.COM )
Hicks highlights DoD's commitment to responsible AI use
Deputy Defense Secretary Kathleen Hicks said that, since 2021, DoD has not only accelerated the drive toward a more data-driven, modernized and AI-empowered U.S. military; but it has also affirmed an adherence to ethical AI principles, updated DoD responsible-use policies and directives, and issued new strategies, guidelines, guardrails and practical toolkits and apps. (DEFENSE.GOV )
Making AI work inside and out at SSA
Brian Peltier’s role at the Social Security Administration spans more than just the chief artificial intelligence officer. He is also the deputy CIO for strategy, with oversight of the agency’s enterprise architecture, innovation, financial and talent management arms. But the CAIO position has become a significant part of his work, with all of the governance and attention artificial intelligence has garnered at SSA. (NEXTGOV.COM )
Biden’s AI national security memo calls for heavy lift
Federal agencies will need to rapidly hire experts, get them security clearances and set about working on the tasks Biden lays out as private companies are pouring in money and talent to advance their AI models. (ROLLCALL.COM )
Show me the data: DISA leaders outline do’s and don’ts on industry AI pitches
The Pentagon’s IT arm, the Defense Information Systems Agency, has seen quite enough AI hype, thank you very much. So at the agency’s annual Forecast to Industry, new DISA director Lt. Gen. Paul Stanton said he needs clarity from vendors on how their offerings’ AI features actually work and what data they were trained on. (BREAKINGDEFENSE.COM )
DISA readying to roll out AI concierge within agency
One of the platform’s first use cases will be a bot designed to help DISA’s staff sift through the agency’s vast collection of policies and instructions. The challenge, however, is making sure the bot delivers accurate and relevant answers from the agency’s hundreds of policies accumulated over the past 60 years. (FEDERALNEWSNETWORK.COM )
Cloud
Five Eyes officials say they want a shared Top Secret cloud, someday
“Not only would this cloud be a top secret cloud, but it would be classification agnostic as well, because the data is all tagged, because all of my users all have the correct digital identities, I can store all the data in the cloud," said Brig. Gen. Eric Vandenbeg of the Canadian Department of National Defence. (BREAKINGDEFENSE.COM )
Microsoft slams Google’s ‘shadow campaigns’ as feud over cloud regulation escalates
Microsoft has fired shots at Google over its activity in the European cloud market, accusing the latter of conducting ‘shadow campaigns’ in the region. Rima Alaily, competition and market regulation lead at Microsoft, took to the company blog and claimed Google has played a part in creating a new organization designed specifically to discredit Microsoft. (ITPRO.COM )
Cybercrime
UN cybercrime convention will ‘legitimize’ authoritarian nations’ cyber behavior, senators warn
Countries under the proposed treaty must adopt laws or procedures that permit their authorities to demand access to computer systems or stored data from individuals or companies. The senators warn this could erode access to encrypted communications services and give broad jurisdiction back to a country’s own legal standards. (NEXTGOV.COM )
Cyber governance
Poor vulnerability management could indicate larger cyber governance issues, S&P says
Companies that fail to identify and remediate vulnerabilities could be held accountable when they are assessed for their overall level of risk management and internal controls, according to S&P. The report cited data in the 2024 Verizon Data Breach Investigations Report, which noted exploitation of vulnerabilities almost tripled in 2023. (CYBERSECURITYDIVE.COM )
Data
Eyeing ‘AI at scale,’ intel community aims to get data house in order
Last year, Director of National Intelligence Avril Haines signed out a two-year strategy aimed at overhauling the IC’s data management practices. And last week, the office of the director of national intelligence finalized a new “data reference architecture” that aims to enable a “distributed data ecosystem,” IC Chief Data Officer Lori Wade said at the Defense Department Intelligence Information System conference in Omaha, NE, on Tuesday. (FEDERALNEWSNETWORK.COM )
Energy
How will the presidential and Senate election outcomes affect FERC and its policies?
The FERC chair plays a major role in determining the agenda for the commission — what’s voted on and what the staff spend their time on, according to Richard Glick, GQS New Energy Strategies principal and former FERC chairman. FERC Chairman Willie Phillips, a Democrat, has set transmission, reliability and affordability as top priorities. But if Trump wins and appoints a different chair, that chair could set a new agenda for the commission, he said. (UTILITYDIVE.COM )
Alliant Energy and Energy Dome sign deal to advance nation’s first utility-scale CO2 battery
The Columbia Energy Storage Project is rated to discharge 18 MW of power for at least 10 hours, according to the Alliant fact sheet. The system charges by using energy from the electric grid to compress gaseous CO2 into liquid form, then discharges by converting the liquid back to gas form and running the expanded volume through a turbine, Alliant says. (UTILITYDIVE.COM )
CenterPoint acquires smaller generators to aid in grid restorations, following Hurricane Beryl criticism
Beryl “caused extensive damage” to CenterPoint’s electric infrastructure, primarily impacting the utility’s distribution system, according to the after-action report. The transmission system “proved resilient.” More than three-quarters of CenterPoint’s overhead distribution circuits experienced lockouts, and about 2.1 million customers were left without power. (UTILITYDIVE.COM )
Healthcare
AI could be a game changer, but healthcare needs to be ‘exceedingly careful’
The pressure is on to adopt the tech. Proponents argue AI could help solve healthcare’s significant workforce challenges: The nation faces a shortage of more than 100,000 critical healthcare workers in 2028, as the overall population ages and needs more care, according to a report by consultancy Mercer. While AI could be transformative, the sector has to move with caution as it implements emerging tools, experts say. (HEALTHCAREDIVE.COM )
Privacy
Colorado’s new biometric privacy law may strain small businesses, says lawyer
Colorado’s biometric law amends the state’s 2023 privacy act to create new requirements for collecting and processing biometric data for businesses. The law also requires businesses to provide notices of collection, and to create retention schedules and mandatory deletion guidelines for any biometric data collected. (STATESCOOP.COM )
Social media
Lawsuits accuse LinkedIn of tracking users' health info
LinkedIn is facing several proposed class action lawsuits filed in recent weeks in California alleging that the company is "intercepting" users' sensitive information related to appointments booked on medical websites through the use of embedded web tracking tools for marketing and advertising purposes. (HEALTHCAREINFOSECURITY.COM )
Space
U.S. Space Force moves to make its systems battle-ready by 2026
The Space Force this summer kicked off a campaign to ready itself for a potential conflict by closing high-priority gaps in its command-and-control architecture — an effort to ensure that the systems and processes military leaders rely on for tactical decisions work together as designed. (DEFENSENEWS.COM )
Transportation
Ban on Chinese tech so broad, U.S.-made cars would be blocked, Polestar says
Today, Polestar electric vehicles gained access to the Tesla Supercharger network. But right now, Polestar has bigger worries than expanding its charging options. Should proposed new rules banning Chinese connected-car software and hardware go into effect, they would effectively ban the automaker from the US market, the company says, including the EVs it builds in South Carolina. (ARSTECHNICA.COM )
Workforce
Security outsourcing on the rise as CISOs seek cyber relief
Gartner predicts that security services spending will increase 15.8% to reach $86.1 billion next year. The long-running global skills shortage in the cybersecurity industry is pushing investment towards security services, reshaping how enterprises approach the challenge of securing their infrastructures. CISOs are turning to managed security services to take advantage of seasoned practitioners that they would struggle to hire and retain internally. (CSOONLINE.COM )
LEGISLATIVE UPDATES
Senator urges Meta CEO to maintain election research partnerships
Markey praised collaborations that “produced high-quality and informative studies on Facebook and Instagram’s political impact” on the 2020 elections. However, he expressed concern that Meta might not repeat the project this cycle, as it has reduced staffing on its trust and safety teams responsible for content moderation and discontinued CrowdTangle, a tool used by researchers to study disinformation and influence operations on its platforms. (CYBERSCOOP.COM )
EVENTS
CYBERWEEK: The Oct. 28 - Nov. 1 CyberWeek will be powered by more than 100 in-person & virtual community events, interactive sessions, talks and networking opportunities across the nation that will bring thousands of cybersecurity innovators, decision makers and influencers together.
CYBERTALKS: This event on Oct. 30 at the Andrew W. Mellon Auditorium in Washington provides an invaluable forum for exchanging ideas and best practices on ways to bolster digital defenses and promote cyber resiliency.
IT MODERNIZATION AND AI SUMMIT: This virtual summit on Nov. 12 will bring together technology leaders from across higher education, as well as state and local governments to explore the ongoing challenges they face while embracing IT modernization and digital transformation.
CYBERSAT: From Nov. 18 to Nov. 20 in Reston, Va., CyberSat24 is the space security event that successfully unites satellite, space, cyber and government to educate on threat vectors and to thwart next-generation attacks.