ISBuzz Team

BACKGROUND: The New York Times is reporting this morning: Russia Challenges Biden Again With Broad Cybersurveillance Operation. Of note in that reporting was that after Administration officials confirmed the attacks were ongoing, they laid the blame for any attack success at the feet of the private sector, saying “We can do a lot of things, but the responsibility to implement simple cybersecurity practices to lock their — and by extension, our — digital doors rests with the private sector.”

BACKGROUND: Yesterday, Britain’s National Cyber Security Council announced websites should allow customers to cut and paste passwords to access their accounts following new password guidance issued by The National Cyber Security Centre. 

The digital revolution has opened up a world of risk. With everyone just a click away, it has never been easier for criminals to find unsuspecting victims. To find out if the dangers of cybercrime are equally spread across the globe, the anti-fraud experts at SEON combined cybersecurity indices and indicators, to reveal the countries that are the least (and most) risky for internet users. The lowest risk countries for cyber threats:  RankCountryNational Cyber Security IndexGlobal Cybersecurity Index 2020Basel AML Index 2020Cybersecurity Exposure Index (CEI) 2020Cyber Legislation RatingCyber Safety Score1Denmark84.4292.63.460.11713.008.912Germany80.5297.414.420.24117.008.763United States79.221004.570.14515.008.734Norway62.3496.893.190.13412.008.465United Kingdom77.9299.544.020.20712.008.446Canada66.2397.674.680.20716.008.357Sweden57.1494.553.320.2113.008.228Australia66.2397.473.840.13110.008.169Japan63.6497.825.160.13814.008.0910Netherlands81.8297.054.560.26210.008.00 Denmark is the most digitally secure country, with an overall…

BACKGROUND: Mandiant and Microsoft have identified a new wave of intrusion activity from the threat actor behind the SolarWinds supply chain attacks. While at a smaller scale than what we saw late last year, it’s a new shift – they’re using the reseller community to get to their desired targets. We’ve seen downstream victims in North America and Europe thus far, and the intrusion activity is ongoing.

CISA is urging admins to patch a critical (Level 10) bug found in Discourse versions 2.7.8 and earlier. Discourse released a security advisory to address a critical RCE vulnerability (CVE-2021-41163). The vuln was fixed by the developer in an urgent update on Friday. Discourse had 405 million users as of Sept. 2021 viewing 3.5 million posts. 

BACKGROUND: Acronis, the global leader in cyber protection, has released its annual Cyber Readiness Report this week, providing a comprehensive overview of the modern cybersecurity landscape and the key pain points faced by businesses and remote employees worldwide amid the global pandemic. Acronis’ research from last year revealed more than 80% of global companies admitted they were not prepared to transition to remote work – exposing key vulnerabilities businesses must quickly plan and implement solutions for.

BACKGROUND: It’s been reported that a multi-government effort has resulted in notorious ransomware group REvil being taken offline and some of its servers allegedly hijacked.

BACKGROUND: In the light of Ofcom’s report finding a startling rise in smishing attacks, cybersecurity experts reacted below.

BACKGROUND: Edward Snowden spoke at a press conference yesterday marking the first Global Encryption Day, stating “If you weaken encryption, people will die.” “Privacy is power,” said Snowden, speaking from Russia via video link. The U.S., European Union, Australia, Russia and China are among the jurisdictions “trying to develop means and methods for requiring weak encryption systems,” Snowden claimed.