Cybersecurity Snapshot: FTC Believes TikTok Broke U.S. Law, Asks Justice Dept. To Intervene, while French Cyber Agency Warns About Nobelium / Midnight Blizzard
2024-6-21 21:0:0 Author: www.tenable.com(查看原文) 阅读量:8 收藏

TikTok’s legal troubles in the U.S. could get thornier after the FTC refers complaint to the DOJ. Meanwhile, France says Russia-backed Nobelium / Midnight Blizzard is a major cyber espionage threat to European governments. Plus, a Tenable poll about dealing with vulnerabilities without patches. And did LockBit 3.0 make a comeback in May? Maybe – or maybe not. And much more!

Dive into six things that are top of mind for the week ending June 21.

1 - FTC: TikTok may have broken the law

TikTok, already in hot water with the U.S. federal government over privacy and security concerns, may face even deeper troubles soon.

The U.S. Federal Trade Commission (FTC) said this week that it has “reason to believe” TikTok is violating or will soon violate federal law. As a result, the FTC has referred a complaint against the social media giant and its parent company ByteDance to the Justice Department.

“Although the Commission does not typically make public the fact that it has referred a complaint, we have determined that doing so here is in the public interest,” the FTC said in a statement.

FTC: TikTok may have broken the law


The FTC’s probe of TikTok dates back to 2019, when ByteDance and its now shuttered service Musical.ly settled with the FTC over allegations they had violated the Children’s Online Privacy Protection Act (“COPPA”) in 2019.

This year, President Biden signed a bill into law that would ban TikTok from the U.S. unless ByteDance sells its U.S. TikTok operations by Jan. 19, 2025. ByteDance is challenging the law in a U.S. appeals court.

For more information about privacy and security concerns around TikTok:

VIDEO

The data security concerns surrounding social media app TikTok (The Financial Times)

2 - French cyber agency warns about Russia-backed Nobelium / Midnight Blizzard

The nation-state cybercrime group Nobelium, also known as Midnight Blizzard, is a major threat to the national security of France and of European countries in general, France’s cybersecurity agency warned this week in a report.

Specifically, Nobelium is launching cyber espionage attacks on behalf of Russia’s intelligence agency against government and diplomatic targets in France and elsewhere in Europe, according to the Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI).

“Most of Nobelium campaigns against diplomatic entities use compromised legitimate email accounts belonging to diplomatic staff, and conduct phishing campaigns against diplomatic institutions, embassies and consulates,” reads ANSSI’s report.
 

French cyber agency warns about Russia-backed Nobelium

In recent years, Nobelium, also known as CozyBear and APT29, has attacked French and European embassies, foreign affairs ministries and government agencies, as well as private-sector targets including Microsoft.

“ANSSI has observed a high level of activities linked to Nobelium against the recent backdrop of geopolitical tensions, especially in Europe, in relation to Russia’s aggression against Ukraine,” the report reads.

For more information about Nobelium / Midnight Blizzard:

3 - How do orgs handle unpatched vulnerabilities? Check out this Tenable poll

For security teams and vulnerability management pros in particular, it’s a critical issue: One of your organization’s software vendors decides not to patch a vulnerability, for whatever reason. For example, maybe the product in question is entering its end-of-life phase and the vendor won’t issue patches for it anymore. Whatever the case, the question remains: What does your organization do?

At several recent Tenable webinars, we asked attendees whether they have a policy for this type of situation. Check out what they said!

How do orgs handle unpatched vulnerabilities?

(466 webinar attendees polled by Tenable, June 2024)

For more information about detecting, prioritizing and fixing vulnerabilities, check out these Tenable resources:

4 - Survey: Cybersecurity tops IT investment priorities among industrial and manufacturing orgs

For the fourth straight year, cybersecurity ranked as the number-one priority for technology investments in the industrial and manufacturing sector.

That’s according to a survey of more than 200 senior IT decision makers from industrial and manufacturing organizations conducted by IoT Analytics, a market research firm focused on IoT applications, platforms, hardware and connectivity.

In addition to ranking first as technology investment priority, cybersecurity is also a major concern for original equipment manufacturers (OEMs) developing connected IoT products. Cybersecurity is also a critical factor for buyers of enterprise IoT products.

Cybersecurity tops IT investment priorities among industrial and manufacturing orgs

(Source: IoT Analytics, June 2024)

To get more details, read IoT Analytics’ article “Top 5 enterprise technology priorities: AI on the rise, but cybersecurity remains on top.

For more information about IoT cybersecurity:

5 - Report: LockBit bounced back in May – or did it?

LockBit 3.0 ranked first among ransomware attackers in May, as overall ransomware activity reached its highest levels ever. That’s according to the “Monthly Threat Pulse” report for May from the NCC Group’s Global Threat Intelligence team.

Global ransomware attacks spiked 32% compared with April 2024, helped by an apparent resurgence of LockBit 3.0, which was responsible for 37% of attacks. LockBit 3.0’s attack volume skyrocketed 665% compared with April.

LockBit bounced back in May – or did it?

However, the report leaves the door open for the possibility that LockBit 3.0 may be exaggerating the number of attacks it’s responsible for. LockBit 3.0’s operations and infrastructure have been disrupted this year by cybersecurity agencies from multiple countries.

“It’s possible that amidst law enforcement action, LockBit not only retained its most skilled affiliates but also attracted new ones, signaling their determination to persist. Alternatively, the group might be inflating their numbers to conceal the true state of their organization,” Matt Hull, NCC Group’s Global Head of Threat Intelligence, said in a statement, adding that the picture will become clearer in the coming months.

Other insights from the report include:

  • The industrials sector ranked first among ransomware targets, receiving 30% of attacks in May.
  • South America experienced a significant increase in ransomware attacks, with a 60% increase compared with April.
  • The ransomware groups Play and RansomHub ranked second and third in attacks in May.

For more information about ransomware trends:

6 - CISA: Best practices for network access security

How can organizations effectively protect their hybrid networks from cyberattacks? The new “Modern Approaches to Network Access Security” publication aims to answer that question.

Issued jointly this week by cybersecurity agencies from the U.S., Canada and New Zealand, the 12-page document argues that relying on virtual private networking (VPN) and remote access to secure networks is no longer sufficient.

Instead, the cybersecurity agencies recommend that organizations consider adopting zero trust, secure service edge (SSE) and secure access service edge (SASE), which they say provide better visibility of network activity and stronger protections.

“Additionally, this guidance helps organizations to better understand the vulnerabilities, threats, and practices associated with traditional remote access and VPN deployment, as well as the inherent business risk posed to an organization’s network by remote access misconfiguration,” reads a statement from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

In addition, the publication offers network-security best practices including:

  • Adopt a centralized management solution as well as network segmentation.
  • Develop, update and practice IT and operational technology (OT) incident response plans.
  • For public-facing assets, run automated vulnerability scans and disable unnecessary operating-system applications and network protocols.
  • Adopt strong identity and access management (IAM) security with phishing-resistant multi-factor authentication (MFA)
  • Adopt a principle of least privilege for user access.

Juan Perez

Juan Perez

Juan has been writing about IT since the mid-1990s, first as a reporter and editor, and now as a content marketer. He spent the bulk of his journalism career at International Data Group’s IDG News Service, a tech news wire service where he held various positions over the years, including Senior Editor and News Editor. His content marketing journey began at Qualys, with stops at Moogsoft and JFrog. As a content marketer, he's helped plan, write and edit the whole gamut of content assets, including blog posts, case studies, e-books, product briefs and white papers, while supporting a wide variety of teams, including product marketing, demand generation, corporate communications, and events.


文章来源: https://www.tenable.com/blog/cybersecurity-snapshot-ftc-believes-tiktok-broke-u-s-law-asks-justice-dept-to-intervene-while
如有侵权请联系:admin#unsafe.sh