InfoSecSherpa Newsletter — 30 June 2021
- Top cyber Pentagon official overseeing defense contractor project placed on leave
(The Hill, 30 June 2021)
Bloomberg first reported that Katie Arrington, chief information security officer for the Pentagon’s acquisition and sustainment office, was placed on leave in May.
- Twitter Lets Users Opt for Security Keys as Their Sole Form of Two-Factor Authentication
(Adweek, 30 June 2021)
The social network said in a blog post that users can now enroll one or more security keys as their sole 2FA method, recognizing that not everyone is able to use a backup 2FA method or willing to share their phone number with Twitter.
- ‘Perfect storm’: Bulletin warns of extremist violence as pandemic restrictions lift
(ABC6, 30 June 2021)
A new Homeland Security bulletin obtained exclusively by ABC News warns that “violent extremists might seek to exploit easing COVID-19 restrictions, increased access to mass gatherings, and possible changes in levels of violence during the summer months to conduct attacks against a range of potential targets with little or no warning.”
- Rise in online payments spurs questions over cybersecurity and privacy
(CNBC, 30 June 2021)
As more and more consumers embrace new methods of payment on e-commerce sites, questions over cybersecurity have become even more critical for businesses.
- US authorities release ransomware threat assessment tool
(IT News Australia, 01 July 2021)
Called the Ransomware Readiness Assessment (RRA), the module was released as part of the 10.3.0 update to CISA’s Cyber Security Evaluation Toolkit (CSET) on GitHub.
- Digital India: How the six-year-old mission has taken a largely-offline nation online
(Firstpost, 01 July 2021)
Digital India is a Rs 1,13,000-crore flagship programme of the Government of India with a vision to transform India into a digitally empowered society and knowledge economy.
- When Does a ‘Cyber Attack’ Demand Retaliation? NATO Broadens Its View
(Defense One, 30 June 2021)
A set of “malicious cumulative cyber activities” may now amount to an armed attack.
- Germany Thwarts Cyberattack, Denies Impact on Banking System
(Bloomberg, 30 June 2021)
German authorities thwarted a cyberattack on a data service provider used by federal agencies and pushed back on a report that a broad assault targeted critical infrastructure and banks.
- Colombian police arrest Gozi malware suspect after 8 years at large
(Naked Security by Sophos, 30 June 2021)
The troika was wanted for allegedly operating a bank-raiding crimeware “service” known as Gozi, based on zombie malware that used a technique known as HTML injection to trick victims into revealing personal information relating to their on-line banking.
- Rebuilding after ransomware: Heartland Community College invests $1 million
(Ed Scoop, 30 June 2021)
Following a ransomware attack last October that disrupted the operations of Illinois’ Heartland Community College, leaders approved a budget this month designed to rebuild defenses, but also to position systems to quickly adjust to future threats.