InfoSecSherpa Newsletter — 28 June 2021
- NIST details executive order’s ‘critical software’ categories
(GCN, 28 June 2021)
To help agencies comply with the Biden administration’s cybersecurity executive order, the National Institute of Standards and Technology on June 25 posted a new definition of “critical software” for production systems and operational purposes.
- Book of evidence served on Corkman accused of hacking into computer parking system
(Irish Examiner, 28 June 2021)
A book of evidence was served on a 29-year-old man under new anti-computer crime legislation arising out of the alleged hacking into a computer parking system.
- Minimizing insider threats with open-source intelligence
(GCN, 28 June 2021)
To successfully mitigate an insider threat within agencies, officials responsible for insider threat programs need access to more accurate and trustworthy signals that can be used to identify or resolve risks.
- Bipartisan Bill Aims to Strengthen Federal Cyber Workforce
(MeriTalk, 28 June 2021)
Senators Maggie Hassan, D-N.H., and John Cornyn, R-Texas, have introduced the Federal Cybersecurity Workforce Expansion Act, which aims to help strengthen U.S. cyber defenses and bolster the Federal government’s cyber workforce.
- Department of Defense to address small business concerns as part of CMMC program review
(Fed Scoop, 28 June 2021)
The Department of Defense (DOD) has said it will address concerns that the Cybersecurity Maturity Model Certification (CMMC) will impose additional costs on small businesses, as part of an ongoing internal review.
- Russia’s Little Cyber Green Men Versus the U.S. Digital Army
(Newsweek, 28 June 2021)
In the eyes of the U.S. Intelligence Community, to a certain extent this enemy includes the Kremlin itself, but mostly it spans an array of shadowy groups whose direct association to the Russian President Vladimir Putin’s government is suspected but not entirely clear, much less demonstrable.
- Maritime Cyber Attacks Are Among the Greatest Unknown Threats to the Global Economy
(CPO Magazine, 28 June 2021)
The fact is, if the maritime industry suddenly disappeared without a trace, the economic, social, and political impacts would be devastating. Billions of tons of vital products like food, medicine and oil are shipped around the world every year, and if these goods stopped flowing, billions of people would suffer the consequences.
- Cyber insurance isn’t helping with cybersecurity, and it might be making the ransomware crisis worse, say researchers
(ZD Net, 28 June 2021)
Allowing organisations to claim back ransom payments could be making the problem of ransomware worse — but cyber insurance could be used to help improve security, says RUSI research paper.
- Microsoft approved a Windows driver booby-trapped with rootkit malware
(The Register, 28 June 2021)
Microsoft on Friday admitted it had signed malicious third-party driver code submitted for certification through its Windows Hardware Compatibility Program.
- Crackonosh: New malware secretly mines crypto from gamers
(ITP.net, 28 June 2021)
Hackers are duping gamers by stealing their cryptocurrencies via video games. By using Crackonosh malware to infect Windows devices via cracked and illegal copies of software and video games, hackers are mining cryptocurrency without gamers’ knowledge.