Civil litigation against cybercrime. The EU finalizes the terms of the NIS2 Cybersecurity Directive. The United States focuses on securing open source software.

In April, the U.S. Department of Justice’s strategy of prioritizing “disruptive capabilities” was used to take down the botnet run by the Main Intelligence Directorate of the Russian General Staff (GRU) known as “Sandworm”. Lawfare explains how this strategy can also be implemented by private companies. Last month, Microsoft obtained a court order to seize seven important domains used by the GRU’s “Fancy Bear” unit to attack institutions in Ukraine. Since 2010, Microsoft has obtained court orders to seize command-and-control servers in more than twenty cases, resulting in the seizure of more than 16,000 malicious domain names. Other tech giants like Google and Meta have begun to employ the same strategy to pursue cybercriminals and, as Lawfare explains, private businesses, with their vast resources, can overcome the financial limitations that restrict the Department of Justice’s ability to conduct such operations.

EU Cyber Direct reports that early Friday, representatives of the European Commission, the EU Parliament and the Council reached an agreement on the Network and Information Security Directive (NIS2), a set of measures for a high common level of cybersecurity across the EU. Replacing the first European Network and Information Security Directive, which was established in 2016, NIS2 extends the scope of cybersecurity regulations to medium-sized and large entities in critical sectors, adding digital services, waste management, critical manufacturing, postal services and public electronic communications services. The EU Commissioner for the Internal Market, Thierry Breton, expressed the Commission’s support for the directive, saying: “It was imperative to adapt our security framework to the new realities and guarantee the coverage of our citizens and our infrastructures. In today’s cybersecurity landscape, cooperation and immediate data sharing are of the utmost importance. With the NIS2 agreement, we are modernizing regulations to ensure facilities that are more critical to society and the economy.” NIS2 will put in place more stringent compliance requirements and data-sharing provisions and will harmonize sanctioning regulations around the world. The measure will also establish the European Network of Cyber Crisis Liaison Organizations (EU-CYCLONE) to oversee responses to large-scale cybersecurity incidents. Politico notes that organizations found to be in violation of NIS2 can be subject to fines of up to 2% of revenue, figures that more or less reflect the demands of ransomware attackers. Bart Groothuis, the Dutch Liberal MEP who led the negotiations, said the law “will help more than 100,000 entities to control security and make Europe a safe place to live and work. If we are attacked on a large-scale commercial site, we will have to respond on a commercial scale.” NIS2 is now awaiting formal approval from EU member states and the European Parliament.

The recent fallout from the discovery of the Log4Shell vulnerability has made the security of the open source software supply chain a more pressing priority in the United States. The Open Source Security Foundation (OpenSSF) and the Linux Foundation have been working to find solutions, and ZDNet reports that they have put forward a $150 million investment to address ten major open source security issues over the next two years. Its goals include offering basic secure software development education and certification for all, establishing a public threat assessment dashboard based on objective metrics for key OSS components, driving the adoption of digital signatures on software releases, and establishing an OpenSSF open source security incident response team. Tech corporations like Amazon, Ericsson, Google, Intel, Microsoft, and VMware have already committed $30 million; however, that is only a small fraction of the investment needed to implement the changes planned by OpenSSF.

Meanwhile, the US House Committee on Science, Space, and Technology met last week to discuss possible responses to the cybersecurity problem of open source software. Rep. Bill Foster, who called the meeting, explained, “It’s safe to say that anyone who has ever used a computer has relied on open source software.” Brian Behlendorf, CEO of OpenSSF, told GovTech: “The bad news is that there is a lot of work to be done and a lot of other types of work are needed. The good news is that we know what this work is and that we have equipment and techniques on display that can evolve if the resources are available.” With so much open source software in circulation, a first step will be to figure out which software is the most critical. Innovation Science indexed the 1,000 most used open source libraries and published the list in March. In addition, the National Science Foundation announced that it would provide grants to secure elements of the open source ecosystem.

India is pushing for storage of personal data using technology designed for anonymity (Global Voices) Since VPNs and blockchain-based services are designed to ensure user anonymity and privacy, this direction can force many service providers to shut down their operations in India.

Strengthening cooperation and disclosure of electronic evidence: 22 countries sign a new protocol to the Convention on Cybercrime (Council of Europe) The Second Additional Protocol to the Convention on Cybercrime (Budapest Convention), aimed at strengthening cooperation and disclosure of electronic evidence, has been opened for signature at a conference organized under the Italian presidency of the Committee of Ministers of the Council of Europe.

EU secures new law to combat hackers in critical sectors (POLITICO) Rules for industries and governments aim to prevent widespread cyber disruption.

The Council and the European Parliament reach an agreement on the NIS 2 Directive (EU Cyber Direct) On 13 May 2022, the Council and the European Parliament reached an agreement on the Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive), which adapts the previous NIS Directive to current needs.

EU lawmakers reach agreement on stricter cybersecurity regulations for critical sectors (The Record by Recorded Future) The revised directive, called NIS2, would update the first EU cybersecurity law that was established in 2016.

EU governments and lawmakers agree on stricter cybersecurity regulations for key sectors (iTnews) Critical infrastructure in the crosshairs.

The White House joins OpenSSF and Linux Foundation in securing open source software (ZDNet) Security of the open source software supply chain is now a major national security issue.

U.S. House of Representatives lawmakers are in the U.S. House of Representatives. Open source vulnerabilities are everyone’s problem and, with memories of Log4Shell still new (and cleanup is still ongoing), House lawmakers are asking how and where the federal government can help.

Agencies advance on Biden’s Zero Trust Executive Order 2021 (Virtualization Review) A year later, a new report based on research indicates that civilian and federal agencies are advancing President Joe Biden’s 2021 executive order for the country’s cybersecurity.

U.S. cyber boss: software patches to resemble car recalls (The Register)

U.S. Surveillance of Americans Must Stop (The Hill) In 2021, the FBI conducted up to 3.4 million warrantless searches of Americans’ phone calls, emails, and text messages.

New social media, electronic policies most likely on the way (Marine Corps Times) The Marine Corps is about to release a document that codifies “information” as a combat function.

Assemblyman Cusick takes action against growing cyber attack threats on the power grid (silive) The country’s power grids remain vulnerable to cyberattacks; however, the New York Assembly on Wednesday passed a law that would take measures for the state’s power supply.

DCSA investigators return to the field for subject interviews (ClearanceJobs) The Defense Counterintelligence and Security Agency (DCSA) returns to the “normal” address for background investigators.

U.S. Issues Charges in First Criminal Cryptocurrency Sanctions Case (Washington Post) Federal judge concludes U.S. sanctions laws apply to $10 million in Bitcoin sent by U.S. citizens to a country blacklisted by Washington.
