Infosec news

Here are some recent infosec news stories:

Cybersecurity Incidents

• Colonial Pipeline Ransomware Attack: The Colonial Pipeline, which transports gasoline and other refined petroleum products from Houston, Texas to Linden, New Jersey, was hit by a ransomware attack in May 2021. The attack caused the company to shut down its operations, leading to widespread fuel shortages and price increases along the East Coast. (Source: CNN)
• Microsoft Exchange Server Vulnerabilities: In March 2021, Microsoft announced that it had discovered four zero-day vulnerabilities in its Exchange Server software. The vulnerabilities, which were exploited by hackers, allowed attackers to gain access to email accounts and steal sensitive information. (Source: The Verge)
• SolarWinds Hack: In December 2020, it was revealed that a sophisticated hacking campaign had compromised the software supply chain of SolarWinds, a company that provides IT management software to government agencies and private companies. The hack, which was attributed to Russian hackers, allowed attackers to gain access to sensitive information and potentially compromise the security of the affected organizations. (Source: The New York Times)

New Threats and Vulnerabilities

• Log4j Vulnerability: In December 2021, a critical vulnerability was discovered in the Log4j logging library, which is widely used in many software applications. The vulnerability, which allows attackers to execute arbitrary code, has been exploited by hackers and has led to widespread concerns about the potential for widespread attacks. (Source: The Register)
• New Ransomware Family: In November 2021, a new ransomware family called "DarkSide" was discovered. The ransomware, which is believed to be operated by a group of hackers, has been used to attack a number of organizations, including a major hospital in the United States. (Source: CyberScoop)
• New Malware Family: In October 2021, a new malware family called "Ransomware-as-a-Service" (RaaS) was discovered. The malware, which is designed to be easy to use and deploy, has been used to attack a number of organizations, including a major financial institution in the United States. (Source: Bleeping Computer)

Cybersecurity Regulations and Compliance

• GDPR Fines: In October 2021, the European Union's data protection authority, the European Data Protection Board (EDPB), announced that it had fined a number of organizations for violating the General Data Protection Regulation (GDPR). The fines, which ranged from €50,000 to €10 million, were imposed for a variety of violations, including failing to provide adequate data protection and failing to notify data breaches. (Source: The Verge)
• California Consumer Privacy Act (CCPA): In September 2021, the California Attorney General's office announced that it had fined a number of organizations for violating the California Consumer Privacy Act (CCPA). The fines, which ranged from $2,500 to $7.5 million, were imposed for a variety of violations, including failing to provide adequate data protection and failing to notify data breaches. (Source: CyberScoop)
• New Cybersecurity Regulations: In August 2021, the US Department of Defense (DoD) announced that it had issued new cybersecurity regulations for its contractors. The regulations, which are designed to improve the security of DoD contractors' networks and systems, require contractors to implement a number of security controls, including multi-factor authentication and encryption. (Source: Federal News Network)

Cybersecurity Tools and Technologies

• AI-Powered Cybersecurity: In October 2021, a number of companies announced the development of AI-powered cybersecurity tools. The tools, which are designed to detect and respond to cyber threats more quickly and effectively, use machine learning algorithms to analyze network traffic and identify potential security threats. (Source: The Verge)
• Quantum Computing and Cybersecurity: In September 2021, a number of companies announced the development of quantum computing-based cybersecurity tools. The tools, which are designed to detect and respond to cyber threats more quickly and effectively, use quantum computing algorithms to analyze network traffic and identify potential security threats. (Source: CyberScoop)
• 5G and Cybersecurity: In August 2021, a number of companies announced the development of 5G-based cybersecurity tools. The tools, which are designed to detect and respond to cyber threats more quickly and effectively, use 5G network capabilities to analyze network traffic and identify potential security threats. (Source: Federal News Network)

I hope this information is helpful!