Friday Five: Cyber Incident Reporting, Looming Attacks, & More

CISA OFFERS VOLUNTARY CYBER INCIDENT REPORTING PORTAL BY NAVEEN GOUD

The Voluntary Cyber Incident Reporting Portal, established by the Cybersecurity and Infrastructure Security Agency (CISA), enables businesses to report cyber-attacks and provides guidance on incident reporting, public communication, and proactive security measures. The portal, part of CISA's services, helps track vulnerabilities, offers updates on fixes, supports law enforcement investigations, and aims to prevent future attacks. Set to officially launch in October 2025 under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), the portal is expected to handle 25,000 reports in its first year. CISA emphasizes that the platform is designed to support victims without shaming or blaming, instead ensuring victim privacy.

Read more

CALIFORNIA APPROVES PRIVACY BILL REQUIRING OPT-OUT TOOLS BY JENNIFER LAWINSKI

California's legislature passed a bill requiring internet browsers and mobile operating systems to provide an easy mechanism for users to opt out of the sale or sharing of personal information. This builds on the California Consumer Privacy Act (CCPA), enabling browsers to automatically send opt-out requests to websites and apps. Currently, browsers like Chrome, Safari, and Edge, as well as Android and iOS, lack these tools, requiring third-party software. The bill mandates that opting out should be simple and accessible. Once signed by Governor Gavin Newsom, the bill mandates that opting out should be simple and accessible, aiming to benefit all users, not just Californians. The California Privacy Protection Agency praised the bill for enhancing consumer trust and protection.

Read more

FBI: NORTH KOREAN ACTORS READYING AGGRESSIVE CYBERATTACK WAVE BY ELIZABETH MONTALBANO

The FBI has issued a warning about imminent cyberattacks by North Korean threat actors targeting organizations with cryptocurrency-related assets or products. These attacks are expected to involve highly deceptive social engineering tactics, including personalized approaches, to steal funds or deploy malware. North Korean groups, such as Lazarus and Kimsuky, have previously used similar tactics to gather funds for their country's nuclear program. The attackers will likely impersonate recruiters, headhunters, or business contacts to build trust with victims before executing malicious activities. Organizations are urged to adopt strong verification methods, avoid storing sensitive information on unprotected devices connected to internal networks, and implement multi-factor authentication to prevent such attacks.

Read more

US CHARGES RUSSIAN MILITARY OFFICERS FOR UNLEASHING WIPER MALWARE ON UKRAINE BY DAN GOODIN

Six Russian nationals, including five officers from the GRU's Unit 29155, were indicted for hacking Ukrainian government networks and its allies, stealing data, and deploying destructive malware. Known as WhisperGate, the ransomware-disguised malware targeted Ukrainian critical infrastructure and wiped computers, supporting Russia's military operations in Ukraine. The indictment follows findings by Microsoft and accuses the defendants of scanning global systems, including in the U.S., for vulnerabilities to launch cyberattacks. The Justice Department also took direct legal action against Russian threat actors' efforts, offering a $10 million reward for information on their locations or cyber activity.

Read more

NEW RANSOMWARE VARIANT HAS BLACKCAT-LIKE SIMILARITIES, REPORT SAYS BY CHRISTIAN VASQUEZ

A new ransomware variant has surfaced, dubbed Cicada3301, drawing inspiration from a decade-old internet mystery. According to researchers, it exploits vulnerabilities to gain access and encrypts files, particularly targeting small- to medium-sized North American and English businesses, and is said to be more advanced than the notorious BlackCat malware. Cicada3301 has similarities to BlackCat in encryption techniques, and several victims have been identified, including manufacturers and healthcare organizations. Despite the name, Cicada 3301 Metaverse LLC denies any involvement with the ransomware, distancing itself from the attacks.

Read more