Policies and regulations: This week, three domestic and foreign cybersecurity-related policies and regulations were observed, including the Cyberspace Administration of China's "Cybersecurity Incident Reporting Management Measures", released for public consultation, and the European Union's agreement on the "Cyber Resilience Act".
Vulnerability posture: This week, 20 vulnerabilities were monitored, including a critical D-Link router vulnerability that proved to be fake, and a surge in exploitation of the Cisco IOS XE vulnerabilities.
Security incidents: This week, 21 major cybersecurity incidents were monitored, a typical one being the ransomware attack on U.S. Navy shipbuilder Austal USA.
Product technology: DeNexus announced the launch of the DeRisk freemium service, powered by artificial intelligence, machine learning and probabilistic reasoning, which enables users to assess their key cyber risk drivers and the potential losses that cyber events can cause.
M&A and financing: ArmorCode, an application security company based in Palo Alto, California, raised $40 million in a Series B funding round and will use the new investment to fuel its growth.
1. The Cyberspace Administration of China's "Measures for the Management of Cybersecurity Incident Reporting" is open for public comment
On December 8, the Cyberspace Administration of China published the "Administrative Measures for Cybersecurity Incident Reporting (Draft for Solicitation of Comments)" for public comment. The draft, prepared in accordance with the "Cybersecurity Law of the People's Republic of China" and other laws and regulations, aims to standardize the reporting of cybersecurity incidents, reduce the losses and harm they cause, and safeguard national cybersecurity.
2. The EU agreed on the Cyber Resilience Act
On November 23, the World Economic Forum (WEF) published a […] that provides guidance on ensuring cybersecurity in operational technology (OT) environments at a time when OT and IT (information technology) environments are increasingly digitized and converged. OT cybersecurity is fundamental to the continued operation of industrial facilities, which are critical to keeping the global economy and infrastructure running.
3. There are 21 vulnerabilities in Sierra Wireless routers that could expose critical infrastructure to attack
On December 6, cybersecurity and risk management firm Forescout reported that a number of Sierra Wireless cellular routers are affected by 21 vulnerabilities, some of which could pose significant risks to affected organizations, including those in critical infrastructure sectors. The vulnerabilities, collectively known as "Sierra:21", were discovered by Forescout researchers in Sierra Wireless AirLink OT/IoT routers.
4. The critical D-Link router vulnerability turned out to be fake
On December 7, it was reported that CVE-2022-28958, which CISA had added to its Known Exploited Vulnerabilities (KEV) catalog, has been officially confirmed as bogus and removed from the catalog. The decision came after the NVD revoked the CVE's status following a months-long review. VulnCheck emphasized that the initial disclosure incorrectly convinced MITRE, NVD, and CISA of the vulnerability's significance. Even though attackers incorporated this "vulnerability" into the Moobot botnet, researchers found that it did not work.
5. An Adobe ColdFusion vulnerability was exploited to attack a U.S. […] organization
On December 5, CISA, the U.S. cybersecurity agency, issued an alert warning organizations about exploitation of an Adobe ColdFusion vulnerability. The vulnerability is tracked as CVE-2023-26360 and was fixed in mid-March 2023. In a new cybersecurity advisory, CISA revealed that the vulnerability was exploited in June of this year as part of an attack against the servers of a Federal Civilian Executive Branch (FCEB) agency.
6. Exploitation of Cisco IOS XE vulnerabilities has skyrocketed
On December 6, the Shadowserver Foundation, a nonprofit cybersecurity organization, reportedly observed a spike in the number of devices compromised through the recently patched Cisco IOS XE vulnerabilities. The vulnerabilities are tracked as CVE-2023-20198 (CVSS score 10) and CVE-2023-20273 (CVSS score 7.2) and were patched in October, when Cisco warned that they had been exploited as zero-days.
7. The Pool Party injection techniques were not detected by EDR solutions
On December 7, it was reported that SafeBreach, a breach and attack simulation company, had discovered eight new process injection techniques, collectively known as Pool Party, that can trigger malicious […] execution without being detected by leading endpoint detection and response (EDR) solutions, namely Palo Alto Cortex, SentinelOne EDR, CrowdStrike Falcon, Microsoft Defender for Endpoint and Cybereason EDR.
8. U.S. Navy shipbuilder Austal USA was hit by a ransomware attack
On December 7, it was reported that Austal USA, the U.S. branch of Australian shipbuilder Austal and a contractor for the U.S. Department of Defense and the Department of Homeland Security, recently reported a cyberattack to the Federal Bureau of Investigation and the Naval Criminal Investigative Service (NCIS). The Hunters International ransomware group claimed responsibility for the attack and leaked stolen information on the dark web as evidence of the breach.
9. Ransomware and data breaches have swept the OT and industrial sectors
On December 6, new research released by Claroty, a cyber-physical systems protection company, based on a global independent survey of 1,100 information technology (IT) and operational technology (OT) security professionals working in critical infrastructure, revealed that 75% of respondents had been victims of a ransomware attack in the past year, 69% of those attacked had paid a ransom, and more than half (54%) had suffered a financial loss of $100,000 or more.
10. Nissan recovers systems after a cyberattack
On December 6, automaker Nissan said in a statement that the company had suffered a cybersecurity incident involving its systems in Australia and New Zealand, without sharing specifics about the type or extent of the breach. Nissan said it has been working to restore the systems affected by the incident, suggesting that a ransomware attack could have forced it to shut down its systems.
11. South Korea accuses North Korean hacking group Andariel of stealing sensitive defense secrets from South Korean defense companies
On December 5, the Seoul Metropolitan Police Agency said North Korean hacker groups had hacked dozens of South Korean companies, including defense companies. The campaign also extorted ransom payments from other private sector entities. About 250 documents related to defense technology, including air defense […], were stolen by the hackers; […] working with the FBI determined that it was the work of the North Korean hacking group Andariel. By tracing the ransomware proceeds, investigators found the money was laundered into North Korea.
12. Third-party intrusions affect the energy industry
On December 7, SecurityScorecard reported that 90% of the world's largest energy companies had experienced third-party breaches in the past 12 months. Cyberattacks on energy companies can cause not only financial losses but also damage, and they also affect manufacturing, healthcare, and transportation.
13. AeroBlade attacks a U.S. aerospace company
On December 7, cybersecurity firm BlackBerry reported that attackers known as AeroBlade targeted a U.S.-based aerospace organization twice in the past year: first in September 2022 as part of a "testing phase", and again in July 2023 using newer tools. In both attacks the attack vector was spear-phishing emails carrying malicious Word documents.
14. Dragos provides free OT cybersecurity technology to small U.S. utilities
On December 6, industrial cybersecurity company Dragos announced that it will provide free operational technology (OT) security software and other resources to small electric, water, and gas utilities in the U.S. through its Community Defense program. Launched as a pilot last year, the Community Defense program is now being expanded so that U.S. utilities with annual revenues of less than $100 million can benefit from Dragos technology at no cost.
15. DeNexus expands access to its AI-based cyber risk assessment platform for critical infrastructure and industrial enterprises
On December 5, DeNexus announced the launch of the DeRisk freemium service, powered by artificial intelligence, machine learning, and probabilistic reasoning, which enables users to assess their key cyber risk drivers and the potential losses that cyber incidents can cause. It is a simplified version of the platform that gives industrial facilities and risk owners a free entry point to understand their cyber risk profile and assess the impact of mitigation strategies.
16. Application security startup ArmorCode raises $40 million
Palo Alto, California-based application security company ArmorCode raised $40 million in its Series B funding round, bringing the company's total funding to $65 million. The company will use the new investment to drive its growth, with plans to increase headcount in its engineering, go-to-market and product teams by 20%. It will also seek new partnerships and expand into Europe and new product areas.