ROUND-UP OR REPORTS + ARTICLES FROM BLEEPING COMPUTER

Intro: First a featured post about actions taken by the Security & Exchange Commission with this prologue:

Timely disclosure to keep investors informed

These proposed amendments are designed to provide investors with timely notifications of security breaches affecting listed companies and better inform them regarding their cybersecurity risk management and strategy.

If the rules are revised as the SEC wants, the new regulations [PDF] would require disclosing the following information about breaches (if the information is available when the 8-K forms are filed):

• When the incident was discovered and whether it is ongoing;
• A brief description of the nature and scope of the incident;
• Whether any data was stolen, altered, accessed, or used for any other unauthorized purpose;
• The effect of the incident on the registrant's operations;
• Whether the registrant has remediated or is currently remediating the incident.

However, companies affected by a breach are not expected to reveal technical information regarding their planned incident response or details on potential vulnerabilities to impact their response or remediation of the incident.

"Over the years, our disclosure regime has evolved to reflect evolving risks and investor needs. A lot of issuers already provide cybersecurity disclosure to investors," SEC Chair Gary Gensler added.

"I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner.

"I am pleased to support this proposal because, if adopted, it would strengthen investors' ability to evaluate public companies' cybersecurity practices and incident reporting."

SEC wants public companies to report breaches within four days

Sergiu Gatlan

BleepingComputer |

The US Securities and Exchange Commission (SEC) has proposed rule amendments to require publicly traded companies to report data breaches and other cybersecurity incidents within four days after they're determined as being a material incident (one that shareholders would likely consider important).

"In some cases, the date of the registrant’s materiality determination may coincide with the date of discovery of an incident, but in other cases the materiality determination will come after the discovery date," the Wall Street watchdog explained.

According to newly proposed amendments to current rules, listed companies would have to provide information in periodic report filings on policies, implemented procedures, and the measures taken to identify and manage cybersecurity risks on Form 8-K.

The amended rules would also instruct companies to provide updates regarding previously reported security breaches.

The SEC wants public companies to share regular disclosures regarding their management's role in implementing cybersecurity procedures and policies, as well as on their board of directors' cybersecurity expertise and oversight of cybersecurity risk.

"We believe that the proposed requirement to file an Item 1.05 Form 8-K within four business days after the registrant determines that it has experienced a material cybersecurity incident would significantly improve the timeliness of cybersecurity incident disclosures, as well as provide investors with more standardized and comparable disclosures," the regulator said [PDF].

PLEASE NOTE THIS

Malware disguised as security tool targets Ukraine's IT Army

By Bill Toulas

• March 10, 2022
• 03:26 PM

A new malware campaign is taking advantage of people's willingness to support Ukraine's cyber warfare against Russia to infect them with password-stealing Trojans.

Last month, the Ukrainian government announced a new IT Army composed of volunteers worldwide who conduct cyberattacks and DDoS attacks against Russian entities.

This initiative has led to a outpouring of support by many people worldwide who have been helping target Russian organizations and sites, even if that activity is considered illegal.

Mimicking a real DDoS tool

As is common with malware distributors, threat actors are taking advantage of current events, such as the IT Army, to promote a fake DDoS tool on Telegram that installs a password and information-stealing trojan.

In a new report by Cisco Talos, researchers warn that threat actors are mimicing a DDoS tool called the “Liberator”, which is a website bomber for use against Russian propaganda outlets.

The Liberator on its actual website (Cisco)

While the versions downloaded from the real site are “clean”, and likely illegal to use, those circulated in Telegram hide malware payloads, and there’s no way to tell the difference before executing them as neither is digitally signed.

 

LATEST ARTICLES

• 
  Security

  VPN provider bans BitTorrent after getting sued by film studios

  "No logs" VPN provider TorGuard has reached a legal settlement with over two dozen movie studios that sued the company for encouraging piracy and copyright infringement. In the settlement, TorGuard has agreed to block BitTorrent traffic for its users.

  • Ax Sharma
  • March 12, 2022
  • 11:01 AM
  • 1
• 
  Security, Mobile

  Android malware Escobar steals your Google Authenticator MFA codes

  The Aberebot banking trojan appears to have returned, as its author is actively promoting a new version of the tool on dark web markets and forums.

  • Bill Toulas
  • March 12, 2022
  • 10:12 AM
  • 0 
• 
  Security

  Ubisoft confirms 'cyber security incident', resets staff passwords

  Video game developer Ubisoft has confirmed that it suffered a 'cyber security incident' that caused disruption to some of its services. Data extortion group LAPSUS$, who has claimed responsibility for hacking Samsung, NVIDIA, and Mercado Libre thus far, also appears to be behind Ubisoft incident.

  • Ax Sharma
  • March 12, 2022
  • 01:16 AM
  • 0
• 
  Microsoft

  Windows 11 gets a new tabbed interface for File Explorer

  Microsoft is testing a hidden feature that enables a new tabbed interface for Windows 11's File Explorer, which has been highly requested for years.

  • Lawrence Abrams
  • March 11, 2022
  • 04:42 PM
  • 0

Technology

Russia bans Instagram, a week after blocking Facebook, Twitter

Russian Internet watchdog Roskomnadzor announced that Instagram will also be banned in Russia one week after blocking the Facebook and Twitter social networks.

• Sergiu Gatlan
• March 11, 2022
• 01:53 PM
• 0

Technology

DuckDuckGo down-ranks sites spreading Russian propaganda

The DuckDuckGo web search engine is now demoting websites known to spread Russian propaganda following Russia's invasion of Ukraine, according to the company's founder and CEO Gabriel Weinberg.

• Sergiu Gatlan
• March 11, 2022
• 12:09 PM
• 5

 

Technology

Finnish govt agency warns of unusual aircraft GPS interference

Finland's Transport and Communications Agency, Traficom, has issued a public announcement informing of an unusual spike in GPS interference near the country's eastern border.

• Bill Toulas
• March 11, 2022
• 10:55 AM
• 0

Security

New ONE PIECE anime episodes delayed after Toei cyberattack

Anime giant Toei suffered a weekend cyberattack causing delays in airing new episodes of popular anime series, including ONE PIECE and Delicious Party Precure.

• Bill Toulas
• March 11, 2022
• 10:09 AM
• 0

Security

Russian defense firm Rostec shuts down website after DDoS attack

Rostec, a Russian state-owned aerospace and defense conglomerate, said its website was taken down today following what it described as a "cyberattack."

• Sergiu Gatlan
• March 11, 2022
• 09:50 AM
• 1