CISA, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, has told federal agencies that they have until 12:00pm EDT on Monday April 5 to scan their networks for evidence of intrusion by malicious actors, and report back the results. CISA is ordering agencies with on-premises Microsoft Exchange servers to urgently conduct the scans following widespread exploitation of vulnerabilities, in fear that some compromises may have remained undetected. In an updated directive, CISA…

The five principles underpinning the new US administration’s vision to strengthen the nation’s cyber-resilience were outlined by the Department of Homeland Security (DHS) secretary Alejandro Mayorkas during a RSAC webcast. Mayorkas began by emphasizing the need for the public and private sector to work closely together to defend against, and respond to, rising cyber-attacks. “The government does not have the capacity to achieve our nation’s cyber-resilience alone – so much of our critical infrastructure is…

A major hotel bookings site has been fined €475,000 after failing to report a serious data breach within the time period mandated by the General Data Protection Regulation (GDPR). Booking.com suffered the breach back in 2018 when telephone scammers targeted 40 employees at various hotels in the United Arab Emirates (UAE). After obtaining their login credentials to a Booking.com system, they were able to access the personal details of over 4100 customers who had booked…

A North Korean espionage campaign targeting security researchers has taken another turn with the creation of a new fake company, website and social media accounts to lure victims, according to Google. The tech giant’s Threat Analysis Group (TAG) first discovered the campaign back in January. At the time, the threat group launched a research blog which it posted links to via fake social media profiles on LinkedIn, Twitter and Keybase. It then approached researchers in…

The latest Honeywell USB Threat Report 2020 indicates that the number of threats specifically targeting Operational Technology systems has nearly doubled from 16% to 28%, while the number of threats capable of disrupting those systems rose from 26% to 59% over the same period. Let’s face it. Critical infrastructure operators in manufacturing, aerospace, energy, shipping, chemical, oil and gas, pulp and paper, water and wastewater, and building automation are heavily relying on USB devices. The…