Posts

Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned

Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. The activity, codenamed EMERALDWHALE, is estimated to have collected over 10,000 private repositories and stored them in an Amazon S3 bucket belonging to a prior victim. The bucket, which held no fewer than 15,000 stolen credentials, has since been taken down by Amazon. "The stolen credentials belong to Cloud Service Providers (CSPs), Email providers, and other services," Sysdig said in a report. "Phishing and spam seem to be the primary goal of stealing the credentials." The multi-faceted criminal operation, while not sophisticated, has been found to leverage an arsenal of private tools to steal credentials as well as scrape Git config files, Laravel .env files, and raw web data. It has not been attributed to any known threat actor or group. Ta...
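The campaign works because web servers serve `.git/config` and `.env` from under the document root, and both files routinely carry credentials in plain text: a remote URL of the form `https://user:token@host/...` in the Git config, and mail, database and cloud keys in a Laravel `.env`. The following Python is an added example (not Sysdig's code or anything from the EMERALDWHALE toolset) that parses both formats and reports which entries a scraper would harvest, so it can be run against your own web roots. The sample file contents, the secret-name heuristic and the hostnames are constructed for the example.

```python
"""Report harvestable secrets in an exposed .git/config or Laravel .env.

Added example for this page; not Sysdig's code or EMERALDWHALE tooling.
Both sample inputs are constructed.
"""
import re
from urllib.parse import urlsplit

# Git config: "[section]" or '[section "sub"]' headers, then "key = value".
# Git writes tab indentation; any leading whitespace is accepted here.
_SECTION_RE = re.compile(r'^\s*\[(?P<kind>[\w.-]+)(?:\s+"(?P<name>[^"]*)")?\]\s*$')
_KV_RE = re.compile(r'^\s*(?P<key>[\w.-]+)\s*=\s*(?P<value>.*?)\s*$')
# Variable names that conventionally hold secrets (heuristic, an assumption).
_SECRET_NAME_RE = re.compile(r'SECRET|TOKEN|PASSWORD|PASS|KEY', re.I)

# Constructed sample: the "origin" remote embeds a deploy token.
SAMPLE_GIT_CONFIG = """\
[core]
    repositoryformatversion = 0
    filemode = true
[remote "origin"]
    url = https://deploy-bot:ghp_exampleNotARealToken0000@github.com/example-org/internal-api.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
    url = git@gitlab.example.com:example-org/internal-api.git
[remote "build"]
    url = ssh://git@build.example.com/srv/git/internal-api.git
[branch "main"]
    remote = origin
    merge = refs/heads/main
"""

# Constructed sample Laravel .env: cloud, DB and mail entries, one empty, one null.
SAMPLE_ENV = """\
APP_NAME=Laravel
APP_ENV=production
APP_KEY=base64:Y29uc3RydWN0ZWQtc2FtcGxlLWtleS1ub3QtcmVhbA==
APP_DEBUG=false
DB_HOST=127.0.0.1
DB_PASSWORD="n0t-a-real-db-pass"
REDIS_PASSWORD=null
AWS_ACCESS_KEY_ID=AKIAEXAMPLE0000000000
AWS_SECRET_ACCESS_KEY=exampleSecretNotReal0000000000000000000
MAIL_HOST=smtp.example.com
MAIL_PASSWORD=
"""


def parse_git_config(text):
    """Parse git-config text into {'remote.origin': {'url': ...}, ...}."""
    sections, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue
        m = _SECTION_RE.match(line)
        if m:
            current = m.group("kind").lower()
            if m.group("name"):
                current += "." + m.group("name")
            sections.setdefault(current, {})
            continue
        m = _KV_RE.match(line)
        if m and current is not None:
            sections[current][m.group("key").lower()] = m.group("value")
    return sections


def find_remote_credentials(text):
    """Return (remote, username, host, has_password) for remotes whose URL
    carries usable userinfo; the secret itself is never returned. A bare
    user on an ssh:// URL (git@...) is normal and is only flagged when a
    password is embedded as well; scp-style git@host:path has no userinfo."""
    findings = []
    for header, keys in parse_git_config(text).items():
        if not header.startswith("remote."):
            continue
        parts = urlsplit(keys.get("url", ""))
        http_userinfo = parts.scheme in ("http", "https") and bool(parts.username)
        if http_userinfo or parts.password is not None:
            findings.append((header.split(".", 1)[1], parts.username or "",
                             parts.hostname or "", parts.password is not None))
    return findings


def find_env_secrets(text):
    """Return names of .env variables that look like secrets and hold a real
    value; empty, quoted-empty and the literal null are skipped."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip().strip("\"'")
        if sep and value and value.lower() != "null" and _SECRET_NAME_RE.search(key):
            names.append(key)
    return names


if __name__ == "__main__":
    for remote, user, host, has_pw in find_remote_credentials(SAMPLE_GIT_CONFIG):
        print(f"remote {remote}: credential for {user!r} at {host} (token/password: {has_pw})")
    print("env secrets present:", ", ".join(find_env_secrets(SAMPLE_ENV)))
```

Running it against the constructed samples flags the `origin` remote (not the SSH ones) and the four populated secret variables, while ignoring `MAIL_PASSWORD=` and `REDIS_PASSWORD=null`. Any hit on a file reachable over HTTP means the credential is already burned and must be rotated; the fix that prevents the class of exposure is to deny web access to `.git/` and `.env` at the server, or keep them out of the document root entirely.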

Australia Introduces First Standalone Cybersecurity Law

The Australian government has introduced the country's first standalone cybersecurity law to Parliament. The new legislation aims to better protect citizens and organizations against a heightened geopolitical and cyber threat environment. The Cyber Security Bill 2024 covers a range of areas, including mandating minimum cybersecurity standards for IoT devices and mandatory ransomware reporting for critical infrastructure organizations. Additionally, the legislation will establish a Cyber Incident Review Board to conduct post-incident reviews into significant cybersecurity incidents and a 'limited use' obligation that restricts how incident information provided to the National Cyber Security Coordinator can be used and shared with other government agencies. The package will also progress and implement reforms under Australia's Security of Critical Infrastructure (SOCI) Act 2018. This includes provisions to simplify information sharing across industry and government and enhancing governmen...

Cisco investigates breach after stolen data for sale on hacking forum

Cisco has confirmed to BleepingComputer that it is investigating recent claims that it suffered a breach after a threat actor began selling allegedly stolen data on a hacking forum. "Cisco is aware of reports that an actor is alleging to have gained access to certain Cisco-related files," a Cisco spokesperson told BleepingComputer. "We have launched an investigation to assess this claim, and our investigation is ongoing." This statement comes after a well-known threat actor named "IntelBroker" said that he and two others, called "EnergyWeaponUser" and "zjj", breached Cisco on October 6, 2024, and stole a large amount of developer data from the company. "Compromised data: Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private &...

Embargo ransomware escalates attacks to cloud environments

Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets. The threat actor first emerged in 2021 as a ransomware affiliate for the Sabbath ransomware operation. Later it started to deploy file-encrypting malware from the Hive, BlackCat, LockBit, and Hunters International gangs. Recently, it has been observed deploying the Embargo ransomware. Storm-0501's recent attacks targeted hospitals, government, manufacturing, and transportation organizations, and law enforcement agencies in the United States.

Storm-0501 attack flow

The attacker gains access to cloud environments by exploiting weak credentials and taking advantage of privileged accounts, with the goal of stealing data and executing a ransomware payload. Microsoft explains that Storm-0501 obtains initial access to the network with stolen or purchased credentials, or by exploiting...

The best way to recover from a ransomware attack is to have a reliable and fast backup process. Here's how to do it.

According to a Sophos survey of 5,000 IT and cybersecurity leaders released in April, 59% of organizations were hit by a ransomware attack in 2023, and 56% of those paid a ransom to get their data back. The amounts paid were not trivial. In 63% of cases the ransom demand was for $1 million or more, $4.3 million on average. Of the 1,097 respondents who shared their payment details, the average payment was $4 million, up from $1.5 million in 2023.

What is ransomware?

Ransomware is a type of malware that encrypts a victim's files. The attacker then demands a ransom from the victim to restore access to the encrypted data.

Many organizations are paying ransom

According to a report released in July by Semperis, based on a survey of 900 IT and security leaders, ransomware attacks disrupted business operations for 87% of companies. But paying the ransom is a losing game. Of those who were hit, 74% were hit multiple times, sometimes within the span of the same week. And of those...