New TSA Cybersecurity Directives Coming for Rail, Aviation Organizations

DOJ unveils two initiatives to tackle cybersecurity, Telegraph leaks massive amount of data, Ruler of Dubai used NSO's Pegasus to spy on ex-wife, European Parliament calls for wide ban on facial recognition, much more

Check out my latest column on the TSA’s upcoming cybersecurity directives on rail transport and aviation organizations.

At the Billington Cybersecurity Summit, Homeland Security Secretary Alejandro Mayorkas announced that the Transportation Security Administration (TSA) would issue new cybersecurity directives that introduce regulations for rail transport and aviation operators.

The new directives will require most critical rail and transit systems to identify a cybersecurity point person, report incidents to the Cybersecurity and Infrastructure Security Agency (CISA), and create an incident recovery plan. In addition, for “lower-risk” rail entities, TSA will issue voluntary guidance that “encourages, rather than requires” these companies to take the same measures.

TSA plans to issue new requirements for critical U.S. airport operators and air passenger and cargo companies to designate a cybersecurity coordinator and report cyber incidents to CISA. (Ellen Nakashima / Washington Post)

Related: FedScoop, The Hill: Cybersecurity, The Record by Recorded Future, BGOV, CNN.com, Voice of America, MarketScreener.com, Cybersecurity| Reuters.com, Washington Post, Stars and Stripes, Bloomberg, DHS, CSO Online

Deputy Attorney General Lisa Monaco said that the Justice Department is creating a new team to investigate and prevent hackers from using cryptocurrency exchanges to remain anonymous while extorting money from victims of their attacks.

Monaco also announced that the Justice Department has created a new civil cyber-fraud initiative to bring civil actions against government contractors that knowingly conceal their cybersecurity vulnerabilities or fail to report hacking attacks. (Chris Strohm / Bloomberg)

Related: Geek News Central, Business Insider, Decrypt, The Mac Observer, Invezz, Protocol, The Record by Recorded Future, The Block, Executive Biz, Reddit - cybersecurity, The Hill, Associated Press Technology, WRAL Tech Wire, Security Week, Justice Department, Meritalk, Nextgov, Slashdot

Cybersecurity researcher Bob Diachenko discovered that one of the U.K.’s most prominent newspapers and online media outlets, the Telegraph, leaked 10 TB of data after failing to secure one of its databases properly.

The exposed information includes internal logs, full subscriber names, email addresses, device information, URL requests, IP addresses, authentication tokens, and unique reader identifiers. (Bill Toulas / Bleeping Computer)

Related: The Register

Someone has been live-streaming their video game sessions on the official Facebook account of the USS Kidd, and as of Wednesday, the U.S. Navy still had not regained control of the account.

The live stream first appeared on the USS Kidd’s Facebook account on Sunday at 10:26 p.m. with the gleeful caption: “Hahahaha.” (James Clark / Task and Purpose)

Related: KnowTechie, Motherboard, Slashdot

The Family Division of the High Court in the U.K. found that the ruler of Dubai, Sheikh Mohammed Al Maktoum, interfered with British justice by ordering the hacking of the phone of his ex-wife, Princess Haya of Jordan, two of her solicitors, her assistant, and two members of her security staff.

The court ruled that the victims had been the subject of either successful or attempted infiltration by Pegasus surveillance software supplied by the Israeli spyware group NSO. Princess Haya said the discovery had made her feel "hunted and haunted.” Sheikh Mohammed denied any knowledge of the hacking. (Frank Gardner / BBC News)

Related: Daily Mail, ynet - News, ABC.net.au, Bloomberg Technology, TODAYonline, New York Times, Sky News, Financial Times, Haaretz.com, Reuters: World News, Associated Press Technology, euronews, Daily Beast, The Times of Israel, The New Arab, Washington Post, Stars and Stripes, New York Post, The Independent, Jerusalem Post, South China Morning Post, Channel 4 News, CNN.com, Alghadeer TV, RTE, MacDailyNews, Judiciary.uk

In a non-binding resolution adopted by a large majority, the European Parliament called for a ban on police use of facial recognition technology in public places and on predictive policing, a controversial practice that uses A.I. tools in hopes of profiling potential criminals before a crime is even committed.

The parliament's members also asked for a ban on private facial recognition databases, such as the one built by the controversial company Clearview AI. (Melissa Heikkilä / Politico E.U.)

Related: Silicon Republic, Engadget, BiometricUpdate, Bleeping Computer, The Next Web, European Parliament

Medical device maker Medtronic issued an urgent recall of the remote controller for specific insulin pumps because it is vulnerable to hacking. The company says it is not aware of any case in which the devices have actually been attacked.

The vulnerability was first disclosed in 2018, when Medtronic told users to disable the remote-control feature when they weren't using it. The company has now gone further and said the remote controller shouldn't be used at all. (Nicole Wetsman / The Verge)

Related: DataBreachToday.com, Becker's Hospital Review, Bleeping Computer, Medtronic

The Senate Homeland Security and Governmental Affairs Committee approved the Cyber Incident Reporting Act, which requires many companies to report significant cybersecurity breaches and payments made related to ransomware attacks.

The bill requires owners and operators of critical infrastructure to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours. It also requires critical infrastructure organizations, nonprofits, and most medium to large businesses to report ransomware payments within 24 hours of making them. (Maggie Miller / The Hill)

Related: Meritalk, InsideCyberSecurity.com, Bloomberg Technology

Researchers at Mandiant say that the Russian hacking group behind the SolarWinds breach, APT29, also known as Cozy Bear, has tried to infiltrate U.S. and European government networks in recent months.

The group has compromised multiple government entities, organizations that focus on political and foreign policy matters, and technology providers that provide direct or indirect access to the ultimate target organizations within North America and Europe. (Sean Lyngaas / CNN)

Researchers on Cybereason's Nocturnus and Incident Response teams discovered a new threat actor that has been running cyber espionage campaigns since at least 2018. They made the discovery while investigating malware targeting the aerospace and telecommunications industries in a campaign they call Operation GhostShell.

The researchers attributed the malware, dubbed ShellClient, to MalKamak. This previously undisclosed threat actor used it for reconnaissance operations and for stealing sensitive data from targets in the Middle East, the U.S., Russia, and Europe. Although MalKamak might be connected to known Iranian threat actors, the researchers concluded that MalKamak is a new and distinct activity group. (Ionut Ilascu / Bleeping Computer)

Related: Dark Reading, Cybereason

Security DevOps startup Mondoo has raised $15 million in combined seed and Series A funding rounds.

European VC Atomico led the investments with participation by numerous other investors, including Tom Killalea, MongoDB Chairman; Marianna Tessel, Cisco board member and Intuit CTO; Vanessa Pegueros, OneLogin (and former Docusign) CISO; Dr. Nicole Forsgren, Github and Microsoft V.P. of Research; Bradley Horowitz, Google V.P. of Product; Andrew Clay Shafer, Red Hat V.P. of transformation; Mirko Novakovic, Instana co-founder; Eric Quidenus-Wahlforss, SoundCloud and Dance cofounder. (Michael Stothard / Sifted)

Related: Security Week, Venture Beat

Photo by Akshay Nanavati on Unsplash