13 March 2022

ROUND-UP OR REPORTS + ARTICLES FROM BLEEPING COMPUTER

Intro: First a featured post about actions taken by the Security & Exchange Commission with this prologue:

Timely disclosure to keep investors informed

These proposed amendments are designed to provide investors with timely notifications of security breaches affecting listed companies and better inform them regarding their cybersecurity risk management and strategy.

If the rules are revised as the SEC wants, the new regulations [PDF] would require disclosing the following information about breaches (if the information is available when the 8-K forms are filed):

  • When the incident was discovered and whether it is ongoing;
  • A brief description of the nature and scope of the incident;
  • Whether any data was stolen, altered, accessed, or used for any other unauthorized purpose;
  • The effect of the incident on the registrant's operations;
  • Whether the registrant has remediated or is currently remediating the incident.

However, companies affected by a breach are not expected to reveal technical information regarding their planned incident response or details on potential vulnerabilities to impact their response or remediation of the incident.

"Over the years, our disclosure regime has evolved to reflect evolving risks and investor needs. A lot of issuers already provide cybersecurity disclosure to investors," SEC Chair Gary Gensler added.

"I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner.

"I am pleased to support this proposal because, if adopted, it would strengthen investors' ability to evaluate public companies' cybersecurity practices and incident reporting."

SEC wants public companies to report breaches within four days

The US Securities and Exchange Commission (SEC) has proposed rule amendments to require publicly traded companies to report data breaches and other cybersecurity incidents within four days after they're determined as being a material incident (one that shareholders would likely consider important).

"In some cases, the date of the registrant’s materiality determination may coincide with the date of discovery of an incident, but in other cases the materiality determination will come after the discovery date," the Wall Street watchdog explained.

According to newly proposed amendments to current rules, listed companies would have to provide information in periodic report filings on policies, implemented procedures, and the measures taken to identify and manage cybersecurity risks on Form 8-K.

The amended rules would also instruct companies to provide updates regarding previously reported security breaches.

The SEC wants public companies to share regular disclosures regarding their management's role in implementing cybersecurity procedures and policies, as well as on their board of directors' cybersecurity expertise and oversight of cybersecurity risk.

"We believe that the proposed requirement to file an Item 1.05 Form 8-K within four business days after the registrant determines that it has experienced a material cybersecurity incident would significantly improve the timeliness of cybersecurity incident disclosures, as well as provide investors with more standardized and comparable disclosures," the regulator said [PDF].

PLEASE NOTE THIS

Malware disguised as security tool targets Ukraine's IT Army

  • March 10, 2022
  • 03:26 PM

Ukraine IT Army hacker

A new malware campaign is taking advantage of people's willingness to support Ukraine's cyber warfare against Russia to infect them with password-stealing Trojans.

Last month, the Ukrainian government announced a new IT Army composed of volunteers worldwide who conduct cyberattacks and DDoS attacks against Russian entities.

This initiative has led to a outpouring of support by many people worldwide who have been helping target Russian organizations and sites, even if that activity is considered illegal.

Mimicking a real DDoS tool

As is common with malware distributors, threat actors are taking advantage of current events, such as the IT Army, to promote a fake DDoS tool on Telegram that installs a password and information-stealing trojan.

In a new report by Cisco Talos, researchers warn that threat actors are mimicing a DDoS tool called the “Liberator”, which is a website bomber for use against Russian propaganda outlets.

The Liberator on its actual website
The Liberator on its actual website (Cisco)

While the versions downloaded from the real site are “clean”, and likely illegal to use, those circulated in Telegram hide malware payloads, and there’s no way to tell the difference before executing them as neither is digitally signed.

 

LATEST ARTICLES

Technology

Russia bans Instagram, a week after blocking Facebook, Twitter

Russian Internet watchdog Roskomnadzor announced that Instagram will also be banned in Russia one week after blocking the Facebook and Twitter social networks.

Seagull Disinformation Propaganda

Technology

DuckDuckGo down-ranks sites spreading Russian propaganda

The DuckDuckGo web search engine is now demoting websites known to spread Russian propaganda following Russia's invasion of Ukraine, according to the company's founder and CEO Gabriel Weinberg.

Airplane GPS

 

Finnish govt agency warns of unusual aircraft GPS interference

Finland's Transport and Communications Agency, Traficom, has issued a public announcement informing of an unusual spike in GPS interference near the country's eastern border.

  • ONE PIECE

    New ONE PIECE anime episodes delayed after Toei cyberattack

    Anime giant Toei suffered a weekend cyberattack causing delays in airing new episodes of popular anime series, including ONE PIECE and Delicious Party Precure.

  • Rostec

    Russian defense firm Rostec shuts down website after DDoS attack

    Rostec, a Russian state-owned aerospace and defense conglomerate, said its website was taken down today following what it described as a "cyberattack."

  • No comments: