TODAY'S TOP 5
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
CHINA'S TELECOM BREACHES: The Cyber Safety Review Board plans to investigate the lapses that allowed hackers, who are believed to be working for a Chinese intelligence agency, to orchestrate a series of intrusions that some Biden administration officials fear amount to a major espionage coup against the U.S., reports the Wall Street Journal.
RUSSIAN ELECTION THREATS: Officials say the U.S. election system is so secure that no foreign nation could alter the results at a scale necessary to change the outcome, the Associated Press reports, yet authoritarian adversaries have leveraged disinformation and cyberespionage to target campaigns and voters while stoking distrust and discord.
PENTAGON’S QUANTUM CHALLENGE: Of all the critical tasks under the remit of the Pentagon’s IT office, one has risen to the highest priority: finding vulnerabilities and then modernizing the DoD’s cryptographic algorithms to stay one step ahead of adversary hackers, especially in a coming post-quantum world, Breaking Defense reports.
CRITICAL TECH INVESTMENT: The Defense Department, in partnership with the Small Business Administration, will pour more than $2.8 billion into innovative startups and small businesses developing technologies deemed vital to national security, Federal News Network reports. The first 13 licensed funds approved under the SBICCT initiative are now eligible to receive government-backed loans from the SBA, which they can use to make investments in companies that focus on technologies across 14 critical technology areas including microelectronics, space technology, advanced computing and software and trusted AI and autonomy.
CROWDSTRIKE SUED OVER OUTAGE: Delta Air Lines filed a lawsuit against CrowdStrike accusing the security software vendor of breach of contract and negligence after an outage in July that brought down millions of computers and prompted 7,000 flight cancelations, CNBC reports.
FROM McCRARY EXPERTS
Cybersecurity priority recommendations for the next president
As America and the world await the results of a very close U.S. presidential election, a new report was released from Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security that offers strong recommendations for whomever is elected as the 47th president of the United States. (GOVTECH.COM)
READ THE REPORT: “Securing America’s Digital Future: A Bipartisan Cybersecurity Roadmap for the Next Administration”
Experts discuss the report’s second section of recommendations focused on strengthening robust coordination across various stakeholders in cybersecurity.
CYBER FOCUS PODCAST
In the latest episode of Cyber Focus, host Frank Cilluffo discusses cybersecurity priorities for the incoming administration with “Securing America’s Digital Future: A Bipartisan Cybersecurity Roadmap for the Next Administration” co-authors Mark Montgomery, leader of the Cyberspace Solarium Commission 2.0, and George Barnes, former deputy director of the NSA. They delve into the new presidential transition task force report that advocates eight lines of effort to build upon progress made thus far in cybersecurity, ranging from regulatory harmonization and collaboration to building workforce capacity and securing emerging technologies, with the ultimate goal of safeguarding national security and economic resilience.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Breaches
OnePoint patient care data breach impacts nearly 800,000 people
Compromised data includes names, residence information, medical records, and information on prescriptions and diagnosis. For some of the impacted individuals, Social Security numbers were also taken, the organization said. (SECURITYWEEK.COM)
Cryptocurrency
Notorious hacker group TeamTNT launches new cloud attacks for crypto mining
Besides using Docker Hub to host and distribute their malicious payloads, TeamTNT has been observed offering the victims' computational power to other parties for illicit cryptocurrency mining, diversifying its monetization strategy. (THEHACKERNEWS.COM)
Leaks
Oregon Department of Corrections employee ‘mistakenly’ exposed personal data of 861 people
The incident uncovered the information of numerous people who had undergone background checks with the corrections agency. Names, drivers’ license numbers, state identification numbers, birth dates and FBI numbers were exposed in the data breach. (KOIN.COM)
Recovery
City of Columbus reaches agreement with cybersecurity expert who revealed details of attack
The city says Connor Goodwolf is still allowed to discuss what kind of data was exposed, but he isn't allowed to share anything that has personal identifiable information such as social security numbers, driver's license numbers, bank account information and other sensitive information. He's also not banned from disseminating any data from the city's crime databases. (10TV.COM)
Ransomware
SonicWall firewalls the common access point in spreading ransomware campaign
Ransomware attacks hit at least 30 organizations using SonicWall firewalls running firmware affected by a critical vulnerability the vendor disclosed and patched two months ago. The potential for additional victim organizations is extensive. (CYBERSECURITYDIVE.COM)
RansomHub gang allegedly behind attack on Mexican airport operator
The RansomHub operation claimed to be responsible for the Grupo Aeroportuario del Centro Norte incident, and threatened to leak 3 terabytes of stolen data if an undisclosed ransom is not paid. U.S. agencies warned of the group’s attacks in August, saying it was responsible for more than 210 incidents since emerging in February. (THERECORD.MEDIA)
Black Basta ransomware poses as IT support on Microsoft Teams to breach networks
Black Basta is a ransomware operation active since April 2022 and responsible for hundreds of attacks against corporations worldwide. Black Basta members breach networks through various methods, including vulnerabilities, partnering with malware botnets, and social engineering. (BLEEPINGCOMPUTER.COM)
THREATS
Artificial intelligence
Japanese man convicted of creating malware using generative AI
The Tokyo District Court sentenced Ryuki Hayashi, 25, to three years imprisonment, suspended for four years, for producing code that could be used as ransomware in March 2023. His case is believed to be the first time authorities took action against a person for creating a virus using generative AI. (JAPANTODAY.COM)
Cybercrime
How Interpol is adapting to the ever-evolving cybercrime landscape
With 100 years of history, Interpol is the police organization par excellence, bringing together 196 countries in the fight against crime. But in this century, crime has undergone a transformation, with new technologies added to the mix, giving rise to cybercrime, one of Interpol’s main battles today. (CSOONLINE.COM)
Healthcare
Rising email-based cyberattacks threaten healthcare, with phishing up 37%
These attacks exploit trusted vendor relationships, where threat actors impersonate service providers, suppliers and distributors to trick employees into processing fake invoices or altering bank information. Because healthcare leverages such a vast supply chain network, it’s no wonder that VEC attacks in this industry have been skyrocketing. (HEALTHCARE-DIGITAL.COM)
Quishing
Banks and regulators warn of rise in ‘quishing’ QR code scams
Banks said that the prevalence of this kind of scam has accelerated since QR codes surged in popularity during the Covid-19 pandemic. (FT.COM)
Vulnerabilities
Researchers discover command injection flaw in Wi-Fi Alliance's test suite
The CERT Coordination Center (CERT/CC) said the susceptible code from the Wi-Fi Alliance, affected by the vulnerability tracked as CVE-2024-41992, has been found deployed on Arcadyan FMIMG51AX000J routers. (THEHACKERNEWS.COM)
New Windows Driver Signature bypass allows kernel rootkit installs
Attackers can downgrade Windows kernel components to bypass security features such as Driver Signature Enforcement and deploy rootkits on fully patched systems. This is possible by taking control of the Windows Update process to introduce outdated, vulnerable software components on an up-to-date machine without the operating system changing the fully patched status. (BLEEPINGCOMPUTER.COM)
QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3
Pwn2Own, a global hacking competition, challenges top security researchers to exploit a range of software and hardware devices, with the ultimate goal of earning the prestigious "Master of Pwn" title and claiming up to $1 million in rewards. (BLEEPINGCOMPUTER.COM)
ADVERSARIES
China
China is scanning Canada’s cyber defenses, state watchdog warns
“Reconnaissance scanning is not an indication of compromise” but may precede malicious actions, the Canadian Centre for Cyber Security said in a statement. The targeted organizations included government departments and agencies, federal political parties, the House of Commons and Senate, critical infrastructure, defense, media and think tanks. The scans have occurred throughout the year. (BLOOMBERG.COM)
Russia
Russia's APT29 mimics AWS domains to steal Windows credentials
The campaign, which dates back to August, was carried out using malicious domain names designed to seem like they were associated with Amazon Web Services (AWS). The emails sent from these domains pretended to advise recipients on how to integrate AWS with Microsoft services, and how to implement zero trust architecture. (DARKREADING.COM)
MORE: AWS seizes domains used by Russia’s APT29 (SECURITYWEEK.COM)
Four REvil ransomware members sentenced in rare Russian cybercrime convictions
The four individuals are part of a group of 14 people who were initially detained in connection with the case. As reported by TASS back in January 2022, eight of them were charged by the court for their malicious activities. (THEHACKERNEWS.COM)
GOVERNMENT AND INDUSTRY
Artificial intelligence
Success of the AI national security memo ‘will be in the implementation,’ industry says
As the memo directs a series of actions for the federal government to execute that will contribute to securing U.S. leadership in AI innovation –– including supply chain security, forming a new specialized coordination group and streamlining visa processes for applicants with STEM backgrounds –– policy experts are pushing for firm oversight into these actions’ deployments. (NEXTGOV.COM)
U.S. needs more AI investment, not just guardrails, defense experts say
New White House AI guidance offers a solid framework for safely using the technology, but there needs to be more investment in the enabling infrastructure to better harness AI’s national security potential, Defense Department and industry leaders said. (DEFENSENEWS.COM)
Chatbots vital for government messaging, reaching residents
A recent university research study on state government chatbots highlights their potential to optimize workloads, enhance communication and reduce waits. They're becoming essential, but challenges around feedback and privacy could impact that. (GOVTECH.COM)
40 years later, The Terminator still shapes our view of AI
It is the existential danger that often dominates public discussion about AI — and the six Terminator films have exerted an outsize influence on how these arguments are framed. Indeed, according to some, the films’ portrayal of the threat posed by AI-controlled machines distracts from the substantial benefits offered by the technology. (ARSTECHNICA.COM)
There’s a wave of state AI legislation coming, new report says
In lieu of a federal law regulating artificial intelligence, state policymakers have introduced nearly 700 pieces of AI legislation in 2024, signaling an impending wave of legislation to come in 2025. A new report says this trajectory follows the pattern of consumer data privacy laws that were similarly introduced en masse over the last several years. (STATESCOOP.COM)
Cisco debuts AI agents to supplement human customer service reps
As AI continues its rapid evolution, companies are grappling with an expanding array of industry experts who say these tools, while promising, require organizations to remain flexible in their technical approaches as the technology changes. (PYMNTS.COM)
Business
Microsoft CEO asked board to cut pay in connection with security overhaul
Microsoft Chair and CEO Satya Nadella asked for the board to reduce part of his annual compensation package to account for his role in how the company prepared for malicious cyberattacks that led to an overhaul of its internal security culture. (CYBERSECURITYDIVE.COM)
Critical infrastructure
DOE and NNSA advance historic effort to harness AI national security mission
The NSM directs the Department to, among other activities, lead, via NNSA, the safety testing and systematic evaluations (including red teaming) of frontier AI models on behalf of the U.S. government to assess nuclear and radiological risk, and coordinate across the U.S. government on assessments of chemical, biological, and other threats. (ENERGY.GOV)
How one state defends its drinking water from cyber attacks
New Hampshire has turned to security assessments plus a set of “Drinking Water Cybersecurity in a Box” turnkey solutions to reach a good baseline defense for its water systems. (GOVTECH.COM)
Iowa company recycles rare earth materials from wind turbines, electronics
Engineers at Critical Materials Recycling break apart circuit boards, old transmissions and decommissioned wind turbines to extract and recycle rare earth materials. Most recycling facilities extract things like copper and aluminum from the same scraps, but few know how to break down the batteries, meaning those rare earth material components are often lost. (ENERGYNEWS.US)
Education
K12 SIX releases updated framework for school cybersecurity
The nonprofit group’s weighted framework of 14 controls seeks to simplify school cybersecurity in an effort to make the most critical protections more approachable and, in turn, more widespread. (GOVTECH.COM)
Energy
An audacious plan to drill into magma and power the world
The ambition of the geothermal experts and volcanologists that comprise the Krafla Magma Testbed is to convert the immense heat and pressure into a new “limitless” form of supercharged geothermal energy. (CNN.COM)
MISO, TVA to sell ‘emergency energy’ under proposed agreement
The Midcontinent Independent System Operator and the Tennessee Valley Authority will be able to sell “emergency energy” to each other under a first-ever agreement filed Thursday at the Federal Energy Regulatory Commission. (UTILITYDIVE.COM)
NERC GridSecCon highlights AI and emerging technology
Participants also received a preview of the grid security exercise, GridEx VIII, which will take place on November 18–19, 2025. Prior to the start of the conference, participants attended training sessions that covered a range of topics, including cyber response training and approaches to building a threat intelligence program. (NERC.COM)
Workforce
Rise of women in ICS: Transforming industrial landscape with fresh perspectives
Approximately 12 percent of the ICS (industrial control systems) security community is made up of women. Entering and succeeding in this male-dominated field can be challenging due to intentional and unintentional discrimination. However, women are contributing fresh perspectives and innovative solutions, transforming the industrial landscape. (INDUSTRIALCYBER.CO)
CMS fills CIO role amidst ongoing HHS tech reorganization
Once Newbold joins CMS, there will be only four open CIO jobs across HHS, including the departmental technology leadership position, which has been open since November when Karl Mathias left to take a different role at NASA. In addition to the top HHS job, the Centers for Disease Control and Prevention, the National Institutes of Health and the Administration for Strategic Preparedness and Response are all looking for CIOs. (FEDERALNEWSNETWORK.COM)
LEGISLATIVE UPDATES
EDUCATION INFRASTRUCTURE: Reps. Brian Fitzpatrick (R-Pa.) and Jared Moskowitz (D-Fla.) introduced a bill that would require CISA to issue a rule requiring the installation or modification of reinforced interior and exterior safety doors in schools. (H.R. 10024)
TRANSPORTATION: Rep. Kevin Mullin (D-Calif.) introduced legislation to direct the secretary of Transportation to conduct a study on the effect of driver-controlled technology in motor vehicles with respect to severe traffic injuries and traffic fatalities. (H.R. 10051)
EVENTS
CYBERWEEK: The Oct. 28 - Nov. 1 CyberWeek will be powered by more than 100 in-person & virtual community events, interactive sessions, talks and networking opportunities across the nation that will bring thousands of cybersecurity innovators, decision makers and influencers together.
CYBERTALKS: This event on Oct. 30 at the Andrew W. Mellon Auditorium in Washington provides an invaluable forum for exchanging ideas and best practices on ways to bolster digital defenses and promote cyber resiliency.
CYBERSAT: From Nov. 18 to Nov. 20 in Reston, Va., CyberSat24 is the space security event that successfully unites satellite, space, cyber and government to educate on threat vectors and to thwart next-generation attacks.