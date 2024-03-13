ARTICLE

CONSIDER THIS

It's Not the Size of the Password. A recent study revealed that 31.1 million breached passwords were at least 16 characters long. Longer passwords alone, without the requisite complexity, are penetrable.

Let's Give a Hand to the New Cyber Command. On February 2, 2024, Gen. Timothy Haugh began his command of U.S. Cyber Command and the National Security Agency.

At the Risk of Droning On. On February 7, 2024, Sens. Mark Warner, D-Va., and John Thune, R-S.D. proposed legislation that would grant NIST authority over drone cybersecurity responsibilities.

More Frequent Check-Ups. On February 9, 2024, Sens. Angus King, I-Maine, and Marco Rubio, R-Fla, introduced the Strengthening Cybersecurity in Health Care Act, which would require federal health officials to conduct regular evaluations of digital security systems and issue biennial reports to Congress.

Priority of Platitudes. On February 12, 2024, the Joint Cyber Defense Collaborative released its 2024 priorities of: (i) defending against advanced persistent threat operations; (ii) raising critical infrastructure's cyber baseline; and (iii) anticipating emerging technology and risks.

Log, Log, Log, Log, Log. Microsoft rolled out expanding logging. Back in July 2023, Microsoft stated that it will: (i) make expanded logging available to all federal agencies; and (ii) increase the default log retention period from 90 to 180 days.

DOE to Give Energy Sector a Boost. On February 26, 2024, the DOE announced a $45 million investment into cybersecurity research.

NIST 2.0: The Sequel. On February 26, 2024, NIST announced an updated cybersecurity framework that applies to all organizations. It is the first update since 2014.

AS THE WORLD TURNS

Getting Schooled by the Russians. A February 1, 2024, report highlighted an ongoing scheme in which Russian intelligence operatives are impersonating US and European academics to obtain access to their email accounts.

Who Says Crime Doesn't Pay? A February 8, 2024, report revealed that ransomware payments in 2023 surpassed, $1 billion, which is double the payments made in 2022.

Sale of RAT Malware Exterminated. On February 12, 2024, federal authorities seized internet domains and arrested two men associated with a dark web business that sold RAT malware to cybercriminals for the last 12 years.

SOS on iOS. On February 19, 2024, researchers detected the iOS GoldPickaxe trojan. This trojan collects face profiles, identification documents, and SMS messages that threat actors to gain access to the victim's bank account and make unauthorized money transfers.

FBI Puts a Lock on LockBit. On February 20, 2024, U.S. and U.K. authorities have seized the LockBit darknet websites. LockBit claimed more than 2,000 victims and extorted over $120 million in payments.

Here's a Meeting Invite You Don't Want to Accept. On February 28, 2024, Krebs alerted individuals to a new hacking campaign targeting people in the cryptocurrency space using Calendly meeting links.

