(October 5, 2023)
Consider This
• US Number One. On September 1, 2023, The Interisle Consulting Group published its annual report, which revealed that, of the six million phishing reports between May 1, 2022 and April 30, 2023, 30,000 used a .US phishing domain.
• I Pledge Allegiance to Cybersecurity. On September 5, 2023, CISA launched a design pledge requiring K-12 software providers to develop products with built-in security measures and to take ownership of customer security outcomes, embrace "radical transparency and accountability," and lead from the top.
• She Really Is Listening, and She's a Snitch. On September 6, 2023, a code security firm's analysis revealed that 4,500 websites in Alexa's top 1 million sites have exposed .git directories that could provide attackers with source code, configuration files, and access credentials.
• Need Help Denying the Deniers? On September 7, 2023, CISA released new guidance that: (1) provides details on ways to mitigate DDoS attacks; and (2) outlines various DDoS mitigation services.
• It Takes a Village. On September 12, 2023, the DOD issued its 2023 Cyber Strategy. One key focus of the Strategy is the commitment to boost the cyber capabilities of allies and partners, and to increase collective resilience against cyberattacks.
• Simplicity Is Critical for Critical Infrastructure. On September 19, 2023, the DHS released a 100-page report recommending a unifying reporting requirement for cyber incidents impacting critical infrastructure. Critical infrastructure entities currently face 45 active reporting requirements from 22 different federal agencies.
• The Name Game. On September 27, 2023, CISA issued the Bill of Materials (HBOM). The HBOM includes a: (1) consistent naming methodology; (2) means to identify different components; and (3) means to identify the appropriate component depending on its use. The HBOM is meant to provide a consistent method for vendors to communicate with purchasers about product components.
As the World Turns
• Keys For Free. On September 1, 2023, the cyber intelligence firm EclecticIQ released a free decryption tool to help victims of the Key Group threat actor group.
• The Latest from Captain Obvious. According to the DHS' 2024 Homeland Threat Assessment, ransomware attacks are on the rise, up 47% between January 2020 and December 2022.
• Beware of Dual Ransomware. On September 27, 2023, the FBI issued a Private Industry Notification warning of a new trend: threat actors deploying two different ransomware variants on the same organization in close succession.
Don't Forget
• On September 8, 2023, the California Privacy Protection Agency reviewed draft regulations that would require certain companies to conduct cybersecurity audits and risk assessments.
