CyberScoop

Yesterday at the iconic Andrew W. Mellon Auditorium, #CyberTalks brought together the top minds in cybersecurity to address the critical challenges of our interconnected world. The morning sessions were packed with invaluable insights, as experts tackled today’s most pressing issues. From exploring the ever-evolving landscape of ransomware threats and implementing zero trust principles to strategizing ways to secure agency networks against sophisticated attacks, the discussions were both timely and impactful. Our speakers assessed the global threat landscape, highlighted the importance of protecting supply chains from emerging cyber risks, and shared advancements in federal cyber policy essential for fostering a resilient digital future. Following the morning sessions, we celebrated #CyberWeek and honored the 2024 #CyberScoop50 award winners, recognizing standout achievements across government, industry, and innovation in cybersecurity. A special thank you to our attendees, speakers—including Harry Coker, Jr., Clare Martorana, Ami Luttwak, Jennifer Franks, Erin Joe, Terry Kalka, Christine Halvorsen, Shelly Hartsook, Lamont Copeland, Lt. Col. Andrew Wonpat, Anne Marie Schumann, Trevor Brenn, Wole Moses, Laura Galante, Nick P., Cherilyn Pascoe, Dr. Matthew McFadden, Cynthia Kaiser, Eric Trexler, Morgan Adamski, Marcos Rogers, Iranga Kahangama, Michael Duffy—and partners, including Wiz, Google For Government - Google Cloud, Okta, Cisco, General Dynamics Information Technology, Palo Alto Networks, Varonis, and Verizon Business. Your dedication to advancing cybersecurity and building resilient infrastructures is creating a safer future for all. Want to attend more of our events? See what’s coming up next: cyberscoop.com/attend

China’s elite government-backed hackers are using legitimate VPN tools to camouflage their presence on the expanding list of victim networks, according to a new report from the cybersecurity firm ESET. Released Thursday, ESET’s report on the latest state-backed cybersecurity threats detail a growing target list that experts believe is a concerted effort to further Beijing’s intelligence goals. The Chinese-linked group, referred to as MirrorFace, typically targets the region around Japan, however MirrorFace was recently seen targeting an organization in the European Union. https://lnkd.in/eeTn4QfZ

Executive branch agencies were briefing a slate of House committees Thursday about a Chinese hack that infiltrated major telecommunications companies and reportedly targeted the phones of top members of the Donald Trump campaign — including the president-elect himself — and top U.S. officials, according to a source familiar with the plans. The committees receiving the briefing are the Energy and Commerce, Homeland Security, Intelligence and Judiciary panels, as well as the Appropriations subcommittees that oversee spending at the Department of Homeland Security, the Commerce Department, the Justice Department and science budgets, and the Select Committee on the Chinese Communist Party. https://lnkd.in/eWNTjeFp

The Transportation Security Administration issued long-waited proposed cyber mandates Thursday that would set in stone, harmonize, and add to the emergency security directives first issued following the Colonial Pipeline ransomware attack in 2021. The notice of proposed rulemaking (NOPR) will serve as one of the last major policy actions the Biden administration will take to protect critical infrastructure from malicious cyberattacks before President-elect Donald Trump takes office. https://lnkd.in/eUgmnwwj

Congratulations to Paul Blahusch, director of cybersecurity and chief information security officer at the U.S. Department of Labor! We are honored to announce his #CyberScoop50 award from CyberScoop.

Canadian authorities have arrested a person suspected of orchestrating a series of data exfiltration attacks targeting customers of the data storage firm Snowflake. Alexander “Connor” Moucka was taken into custody Oct. 30, based on a provisional arrest warrant, according to Canada’s Department of Justice. He is scheduled to appear in court Tuesday. The Canadian Department of Justice confirmed to CyberScoop that the arrest was carried out at the request of the United States. https://lnkd.in/eDkQUCSA

Multinational energy management company Schneider Electric said Tuesday it was the victim of a cyberattack, with attackers behind a new ransomware variant claiming responsibility. “Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment,” a spokesperson said in an emailed statement. “Our Global Incident Response team has been immediately mobilized to respond to the incident. Schneider Electric’s products and services remain unaffected.” https://lnkd.in/ehkawWcm

Android’s monthly security bulletin published Monday warns of two vulnerabilities with “limited, targeted exploitation” in the wild. One vulnerability impacts Qualcomm chipsets via a use-after-free vulnerability in its FastRPC driver. Designated as CVE-2024-43047, the bug was reported to be under active exploitation in early October and is rated “high” severity with a CVSS score of 7.8. https://lnkd.in/eT-gMw-c

China’s elite government-backed hackers are using legitimate VPN tools to camouflage their presence on the expanding list of victim networks, according to a new report from the cybersecurity firm ESET. Released Thursday, ESET’s report on the latest state-backed cybersecurity threats detail a growing target list that experts believe is a concerted effort to further Beijing’s intelligence goals. The Chinese-linked group, referred to as MirrorFace, typically targets the region around Japan, however MirrorFace was recently seen targeting an organization in the European Union. https://lnkd.in/ekipBfxB

Executive branch agencies were briefing a slate of House committees Thursday about a Chinese hack that infiltrated major telecommunications companies and reportedly targeted the phones of top members of the Donald Trump campaign — including the president-elect himself — and top U.S. officials, according to a source familiar with the plans. The committees receiving the briefing are the Energy and Commerce, Homeland Security, Intelligence and Judiciary panels, as well as the Appropriations subcommittees that oversee spending at the Department of Homeland Security, the Commerce Department, the Justice Department and science budgets, and the Select Committee on the Chinese Communist Party. https://lnkd.in/ezPexTGP