CyberScoop

CyberScoop is the leading media brand in the cybersecurity market

02/23/2025

Edge devices harboring zero-day and n-day vulnerabilities were linked to the most consequential attack campaigns last year, Darktrace said in an annual threat report released Wednesday.

Darktrace’s threat researchers found the most frequent vulnerability exploits in customers’ instances of Ivanti Connect Secure and Ivanti Policy Secure appliances, along with firewall products from Fortinet and Palo Alto Networks.

Cybersecurity vendors shipped products that ultimately accounted for and became the initial access vector for the majority of the most significant attack campaigns last year, the report shows. https://scoopmedia.co/418DbPo

02/23/2025

Most industries have rules of engagement. In sports, there are referees. In business, there are regulations. In government, there are Robert’s Rules of Order. Cybersecurity is different. There are regulations, but they don’t limit how much we can defend ourselves. They focus on compliance, breach reporting, and risk management, not on dictating the strategies we use to stop attackers. Meanwhile, attackers have no such constraints. https://scoopmedia.co/41p4ne2

02/23/2025

Federal agencies need help from stakeholders outside of government to solve some of the harder technical barriers in setting up zero-trust architecture in their networks, the Department of Energy’s chief information security officer said Wednesday.

Speaking at CyberScoop’s Zero Trust Summit in Washington D.C., Paul Selby urged technology manufacturers and experts to work with federal agencies to develop technologies and protocols that address the limitations of legacy systems — including operational technology — that are still prevalent in the energy sector.

“There’s no question that the legacy environment and the technical debt in the government is a huge problem, and we need the vendor community to help us overcome this,” Selby said. https://scoopmedia.co/4gT47bH

02/23/2025

Russian state threat groups have compromised Signal accounts used by Ukrainian military and government personnel to eavesdrop on real-time communications, Google Threat Intelligence Group said in a report released Wednesday.

“This is a persistent, ongoing campaign being carried out by multiple different Russia-aligned threat actors,” Dan Black, principal analyst at Google Threat Intelligence Group, said in an email to CyberScoop. https://scoopmedia.co/3EPeyzz

02/23/2025

One of the most notable elements of the monumental hack of major telecommunications companies is just how “indiscriminate” it was in its pursuit of data, a top FBI official said Wednesday.

The FBI has been investigating the breach, which it has blamed on Chinese government hackers commonly known as Salt Typhoon.

“What we found particularly remarkable in our investigation is the gigantic and seemingly indiscriminate collection of call records and data about American people, like your friends, your family, people in your community,” Cynthia Kaiser, deputy assistant director in the bureau’s cyber division, said at the 2025 Zero Trust Summit, presented by CyberScoop. https://scoopmedia.co/3D31JRG

02/23/2025

The Securities and Exchange Commission announced Thursday that it was changing its Crypto Assets and Cyber Unit to the “Cyber and Emerging Technologies Unit.” The regulator said its new unit will “focus on combatting cyber-related misconduct and to protect retail investors from bad actors in the emerging technologies space.”

The newly rebranded unit will be composed of approximately 30 fraud specialists and attorneys across the SEC, led by Laura D’Allaird, who was made co-chief of the Crypto Assets and Cyber Unit in December. Prior to that, D’Allaird served in a variety of roles over the past three years at the SEC, including senior counsel at the Division of Enforcement and counsel to Commissioner Jaime Lizárraga. https://scoopmedia.co/41swVTO

02/23/2025

Salt Typhoon gained initial access to Cisco devices as part of the Chinese nation-state threat group’s sweeping attacks on U.S. telecom networks, the company confirmed Thursday in a threat intelligence report.

Cisco Talos, the networking vendor’s threat intelligence unit, said it observed one instance where Salt Typhoon likely exploited a seven-year-old critical vulnerability in Cisco IOS XE (CVE-2018-0171). Yet, researchers asserted Salt Typhoon gained initial access to Cisco devices with legitimate login credentials in all other incidents it’s investigated to date. https://scoopmedia.co/41agyKr

02/23/2025

Republican leaders on a key House committee are canvassing the public for input on how best to move forward in Congress’ longstanding quest to tackle national data privacy and security standards.

House Energy and Commerce Committee Chair Brett Guthrie, R-Ky., and Vice Chair John Joyce, R-Pa., issued a Request for Information on Friday that seeks guidance on how to best develop legislation to protect the digital data of Americans across an ever-widening range of essential services. https://scoopmedia.co/3QsXthl

02/23/2025

Apple has pulled Advanced Data Protection, a feature that provides end-to-end encrypted data storage through iCloud, from the United Kingdom following a fight with the British government over law enforcement access.

Starting Friday, U.K. users who attempt to access the feature on their phones or computers will be denied. Users who already had Advanced Data Protection turned on will be able to continue using it for now, but they will eventually be forced to disable it.

The move will not affect iCloud data that are end-to-end encrypted by default under Apple’s standard data protection plan, such as iMessage and Facetime, or data from iCloud KeyChain and Health. Certain kinds of metadata for iCloud backups, iCloud drive, photos, notes and messages are also encrypted under standard plans. https://scoopmedia.co/4h0PXW8

02/23/2025

The United States is falling “increasingly behind” its adversaries in cyberspace, a former Cyber Command and National Security Agency boss said Saturday.

Speaking at the DistrictCon cybersecurity conference in Washington, D.C., retired Gen. Paul Nakasone said that “our adversaries are continuing to be able to broaden the spectrum of what they’re able to do to us.”

Nakasone said incidents like Chinese government-backed breaches of U.S. telecommunications companies and other critical infrastructure — as well as a steady drumbeat of ransomware attacks against U.S. targets — illustrate “the fact that we’re unable to secure our networks, the fact that we’re unable to leverage the software that’s being provided today, the fact that we have adversaries that continue to maintain this capability.”

Nakasone, who led NSA and CYBERCOM from 2018 until early last year and is now founding director of Vanderbilt University’s Institute for National Defense and Global Security, said he fears the threats of the future are only going to get more dangerous.

In a wide-ranging speech and interview, Nakasone also talked about Trump administration moves and the shape of cyber offensive operations.

02/23/2025

A longtime former employee of the Cybersecurity and Infrastructure Security Agency, an agency in the midst of curtailing its anti-misinformation and disinformation work under President Donald Trump, has found himself being misidentified online as a key figure in another Trump administration battle.

On social media and in some news outlets, Ross Foard, a former CISA information security specialist, is being falsely identified as Leland Dudek, acting head of the Social Security Administration. Dudek, who reportedly covertly helped the Elon Musk-tied Department of Government Efficiency, said he was placed on administrative leave before being named acting head of the agency.

Images of Foard identifying him as Dudek on the Musk-owned X — most of them with a CISA flag visible in the background — prompted Foard to respond Thursday. https://scoopmedia.co/4id1KSd

02/22/2025

Edge devices harboring zero-day and n-day vulnerabilities were linked to the most consequential attack campaigns last year, Darktrace said in an annual threat report released Wednesday.

Darktrace’s threat researchers found the most frequent vulnerability exploits in customers’ instances of Ivanti Connect Secure and Ivanti Policy Secure appliances, along with firewall products from Fortinet and Palo Alto Networks.

Cybersecurity vendors shipped products that ultimately accounted for and became the initial access vector for the majority of the most significant attack campaigns last year, the report shows. https://scoopmedia.co/4hFFfoZ

02/22/2025

Most industries have rules of engagement. In sports, there are referees. In business, there are regulations. In government, there are Robert’s Rules of Order. Cybersecurity is different. There are regulations, but they don’t limit how much we can defend ourselves. They focus on compliance, breach reporting, and risk management, not on dictating the strategies we use to stop attackers. Meanwhile, attackers have no such constraints. https://scoopmedia.co/438Orxz

02/22/2025

CyberScoop’s newest reporter, Matt Kapko, joins Editor-in-Chief Greg Otto to discuss the latest developments in cybercrime.

Key insights from this episode:
🔹 Google Threat Intelligence Group reports Russian state threat groups are exploiting Signal’s link device feature to compromise accounts used by Ukrainian military and government personnel.
🔹 Microsoft highlights a shift in tactics by Sandworm, a Russian state threat group, expanding its targeting to the U.S., Canada, Australia, and the U.K.
🔹 Darktrace identifies edge device vulnerabilities—such as firewalls, VPNs, and routers—as key targets in last year’s most consequential cyberattacks.

Watch the full episode for expert insights into these evolving cyber threats. https://youtu.be/OX5nkAHThx8?si=N6XDaRoAZVdSOmSB

Don’t forget to subscribe and follow us
🍏 Apple Podcasts: https://podcasts.apple.com/us/podcast/fbis-cynthia-kaiser-on-salt-typhoons-indiscriminate/id1691749366?i=1000694474019
🟢 Spotify: https://open.spotify.com/episode/5WFtwW2ZT3Gs4xFmfOYjZt?si=0820d814d9c74c2f
📺 YouTube: https://www.youtube.com/playlist?list=PLV27Q86qVNoCpa9eVq17enW1gMgZBm0aW

02/22/2025

Federal agencies need help from stakeholders outside of government to solve some of the harder technical barriers in setting up zero-trust architecture in their networks, the Department of Energy’s chief information security officer said Wednesday.

Speaking at CyberScoop’s Zero Trust Summit in Washington D.C., Paul Selby urged technology manufacturers and experts to work with federal agencies to develop technologies and protocols that address the limitations of legacy systems — including operational technology — that are still prevalent in the energy sector.

“There’s no question that the legacy environment and the technical debt in the government is a huge problem, and we need the vendor community to help us overcome this,” Selby said. https://scoopmedia.co/4gVBb2P

02/22/2025

In a wide-ranging speech and interview, Nakasone also talked about Trump administration moves and the shape of cyber offensive operations.

02/22/2025

Russian state threat groups have compromised Signal accounts used by Ukrainian military and government personnel to eavesdrop on real-time communications, Google Threat Intelligence Group said in a report released Wednesday.

“This is a persistent, ongoing campaign being carried out by multiple different Russia-aligned threat actors,” Dan Black, principal analyst at Google Threat Intelligence Group, said in an email to CyberScoop. https://scoopmedia.co/435YZgW

02/22/2025

On the latest episode of the Safe Mode podcast, Cynthia Kaiser discusses the scope of the Salt Typhoon breach, which the FBI has attributed to actors affiliated with the Chinese government. Her remarks, originally delivered at CyberScoop’s Zero Trust Summit, detail how this cyber espionage campaign involved the compromise of telecom networks and the collection of call records, IP addresses, and other sensitive data.

Kaiser also highlights broader cybersecurity challenges, including the importance of Zero Trust security strategies, cyber hygiene, and collaboration with the FBI to strengthen defenses.

Additionally, CyberScoop’s newest cybercrime reporter, Matt Kapko, joins Greg Otto for a reporter chat on Russian nation-state cyber activity, providing insights into emerging cyber threats and trends.

📺 Watch the full episode of Safe Mode: https://youtu.be/OX5nkAHThx8?si=N6XDaRoAZVdSOmSB

Don’t forget to subscribe and follow us
🍏 Apple Podcasts: https://podcasts.apple.com/us/podcast/fbis-cynthia-kaiser-on-salt-typhoons-indiscriminate/id1691749366?i=1000694474019
🟢 Spotify: https://open.spotify.com/episode/5WFtwW2ZT3Gs4xFmfOYjZt?si=0820d814d9c74c2f
📺 YouTube: https://www.youtube.com/playlist?list=PLV27Q86qVNoCpa9eVq17enW1gMgZBm0aW

Address

2001 K Street NW Suite 1411
Washington D.C., DC
20006

Opening Hours

Monday 9am - 6pm
Tuesday 9am - 6pm
Wednesday 9am - 6pm
Thursday 9am - 6pm
Friday 9am - 6pm

Telephone

+12028878001
