Reporting an incident to the correct authorities or vulnerability clearinghouses can be an experience fraught with frustration. You pour time, energy, and resources into fighting an intrusion, all while keeping company officials and stakeholders up to date and preventing sensitive information from getting into the wild. Explaining what happened might seem just like another layer of hard work and exposure to potential embarrassment when the details are out there for all to see.

But legislators have been pushing enterprise executives to share more information about security incidents and they’re creating new requirements in the United States and around the world to mandate the disclosure of such information. Why?

To read this article in full, please click here

Estonian national Andrey Shevlyakov has been indicted on 18 counts of conspiracy
and other charges in the United States for allegedly helping the Russian
government and military procure US-made electronics.

Authorities apprehended the 45-year-old suspect in Tallinn, Estonia, on March
28; if pronounced guilty, Shevlyakov could spend 20 years in prison.

Allegedly, Shevlyakov acted as the middleman between various US electronics
suppliers and the Russian government, acquiring sensitive technology

Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers.
The sophisticated typosquatting campaign, which was detailed by JFrog late last month, impersonated legitimate packages to execute PowerShell code designed to retrieve a follow-on binary

Just days after patching two nasty security bugs in iPhones and Macs
[https://www.bitdefender.com/blog/hotforsecurity/hackers-exploiting-two-new-zero-days-in-ios-16-and-macos-ventura-patch-now/]
, Apple is now rolling out separate updates to patch older hardware against the
flaws. Users are strongly encouraged to install the updates sooner rather than
later.

CVE-2023-28206 and CVE-2023-28205 were reported by Clément Lecigne of Google’s
Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty I

A cyber attack paralyzed the water controllers for irrigating fields in the Jordan Valley that are operated by the Galil Sewage Corporation. A cyberattack blocked several controllers for irrigating fields in the Jordan Valley. The systems operated by the Galil Sewage Corporation monitor the irrigation process and wastewater treatment in the Jordan Valley. The company experts […]

The post A cyber attack hit the water controllers for irrigating fields in the Jordan Valley appeared first on Security Affairs.

Microsoft and others are doubling down on incident response, adding services and integrating programs to make security analysts and IR engagements more efficient.

The IRS Phone Scam: Understanding the Tactics Used by Fraudsters
IdentityIQ

Tax season allows con artists to scam taxpayers out of their hard-earned money each year in the United States. These scams range from simple to sophisticated, but many are initiated using a single phone call. Here’s how phone fraudsters are targeting taxpayers this tax season and how you can spot an IRS phone scam. […]

The post The IRS Phone Scam: Understanding the Tactics Used by Fraudsters appeared first on IdentityIQ written by Brian Acton