Easterly: SEC vs. CIRCIA a ‘recipe for dysfunction’ after private sector complaints
Summary: Private sector companies are struggling to navigate the complexities of two new cyber incident reporting rules: the SEC’s regime and the CIRCIA requirements. Jen Easterly, former director of CISA, highlighted the confusion this dual reporting obligation creates for critical infrastructure organizations. She emphasized the need for harmonization of cyber rules to simplify compliance and enhance collective cyber defense efforts.…
Section 702 surveillance powers remain ‘indispensable,’ CIA pick Ratcliffe says
Summary: John Ratcliffe, President-elect Donald Trump’s nominee for CIA director, expressed strong support for the warrantless surveillance tool under Section 702 of the Foreign Intelligence Surveillance Act (FISA), highlighting its significance for national security. His stance may conflict with other Trump nominees who have criticized the program, raising concerns about civil liberties and the collection of Americans’ communications.…
No new funding in EU plan to tackle ransomware attacks against hospitals
Summary: The European Commission has unveiled an action plan aimed at bolstering the cybersecurity of the healthcare sector, which has been the most targeted by cyberattacks in Europe over the past four years. The plan includes guidance for healthcare entities and emphasizes the need for national-level implementation of existing cybersecurity directives, despite the lack of new funding.…
University of Oklahoma isolates systems after ‘unusual activity’ on IT network
Summary: The University of Oklahoma is investigating unusual cyber activity on its network after being targeted by a ransomware gang known as Fog, which claims to have stolen 91 GB of sensitive data. The institution has taken measures to isolate affected systems and enhance security. This incident highlights the ongoing threat of ransomware attacks in the education sector, particularly during periods of reduced IT staffing.…
Russian espionage and financial theft campaigns have ramped up, Ukraine cyber agency says
Summary: Ukrainian cyber agencies report a rise in sophisticated cyberattacks primarily attributed to three Russia-linked hacker groups targeting government and critical services. The attacks have focused on espionage, financial theft, and psychological warfare, with the most active group being UAC-0010, also known as Gamaredon. Over the past year, Ukraine’s cybersecurity incident response center has addressed over 1,000 incidents, indicating a significant threat to national security.…
US issues final rule barring Chinese, Russian connected car tech
Summary: The U.S. Commerce Department has announced a new rule prohibiting the import of certain vehicle connectivity technologies from China and Russia, citing national security concerns. This regulation aims to prevent foreign adversaries from accessing sensitive data and potentially manipulating connected vehicles.

Threat Actor: Chinese and Russian state-sponsored cyber actors | Volt Typhoon
Victim: U.S.…

Hegseth says debate over Cyber Command, NSA leadership would reach ‘conclusion’
Summary: President-elect Donald Trump’s nominee for Defense Secretary, Pete Hegseth, aims to resolve the ongoing debate regarding the dual-hat leadership of U.S. Cyber Command and the NSA. He acknowledges the complexities of this relationship and emphasizes the need for effective cybersecurity measures against foreign threats.

Threat Actor: Salt Typhoon, Volt Typhoon
Victim: U.S.…

Tennessee-based mortgage lender confirms December cyberattack
Summary: Mortgage Investors Group (MIG), a major mortgage lender in the Southeast U.S., experienced a cybersecurity incident that exposed sensitive customer information. The attack, attributed to the Black Basta ransomware gang, has raised concerns about the security of financial institutions in the housing industry.

Threat Actor: Black Basta
Victim: Mortgage Investors Group

Key Point: Unauthorized access to MIG’s computer environment led to the exposure of sensitive personal information.…
Russia’s largest platform for state procurement hit by cyberattack from pro-Ukraine group
Summary: Roseltorg, Russia’s primary electronic trading platform for government and corporate procurement, confirmed it was targeted by a cyberattack, initially misrepresented as maintenance. The pro-Ukraine hacker group Yellow Drift claimed responsibility, alleging they deleted 550 terabytes of data from the platform.

Threat Actor: Yellow Drift
Victim: Roseltorg

Key Point: Roseltorg initially reported service outages due to maintenance before revealing a cyberattack.…
Products and people are in place for CISA to succeed, agency’s departing No. 2 official says
Summary: Nitin Natarajan reflects on his tenure at CISA, highlighting the agency’s growth and key initiatives in cybersecurity, particularly in response to increasing digital threats. As he prepares to transition leadership, he emphasizes the importance of continuity and resilience in protecting U.S. critical infrastructure.

Threat Actor: China-linked hackers
Victim: U.S.…

Turks and Caicos recovering from pre-Christmas ransomware attack
Summary: The government of Turks and Caicos is recovering from a significant ransomware attack that disrupted various public services and operations. Experts from the U.K. are assisting in restoring systems, while the government faces political scrutiny over its cybersecurity measures.

Threat Actor: Unknown
Victim: Turks and Caicos Government

Key Point: Ransomware attack impacted government services, including welfare payments and tax collection.…
‘Codefinger’ hackers encrypting Amazon cloud storage buckets
Summary: Cybercriminals are increasingly targeting Amazon Web Services’ S3 buckets, using the platform’s own encryption tools to lock organizations out of their data and demand ransom payments. This new tactic represents a significant evolution in ransomware capabilities, as it leverages server-side encryption with customer-provided keys to make data recovery nearly impossible without cooperation from the attackers.…
Poland uncovers Russia-linked disinformation campaign targeting upcoming presidential election
Summary: A Russia-linked disinformation campaign is attempting to influence Poland’s upcoming presidential elections, as revealed by Poland’s digital affairs minister. The campaign, likely controlled by the Russian military intelligence service, GRU, aims to disrupt the political coherence of Poland amid rising cyber threats.

Threat Actor: GRU
Victim: Poland

Key Point: Russia is actively attempting to influence Polish politics and elections, marking a significant escalation in foreign interference.…