Cybersecurity

The U.S. government, via the Federal Communications Commission (FCC), recently banned the sale of equipment from Chinese telecommunications and video surveillance vendors Huawei, ZTE, Hytera, Hikvision, and Dahua due to “unacceptable risks to national security.” Last week, the FCC adopted new rules prohibiting the aforementioned communications equipment being authorized for importation or sale in the country.

DEV-0569, a threat group/actor that Microsoft is tracking has become quite nimble in its tactics, which includes the deployment of Royal ransomware and other malicious payloads. According to Microsoft, DEV-0569 attacks show a pattern of continuous innovation, with regular incorporation of new discovery techniques, defense evasion, and various post-compromise payloads, alongside increasing ransomware facilitation. Current behaviors currently attributed to DEV-0569 include, but are not limited to:

As the holiday shopping season approaches everyone should be on the lookout for holiday shopping scams. Be aware of those “too good to be true” spam and scams from suspicious sites, phishing emails, or online ads offering items at inconceivable discounts. Threat actors have gotten good at disguising their campaigns to fit in with the legitimate messages and use the hustle and bustle of the shopping season to hope we don’t notice their scams.

To safely shop online, remember:

Last week, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), published the third of a three-part series on securing the software supply chain, titled Securing Software Supply Chain Series - Recommended Practices Guide for Customers.