AMID ELECTION CONSPIRACY THEORIES, CISA SAYS THERE'S NO CREDIBLE THREAT TO VOTING EQUIPMENT BY CHRISTIAN VASQUEZ

While CISA Director Jen Easterly claims that errors and glitches are bound to happen in every election, contrary to some of the misinformation being spread online before next week’s midterm elections, she says CISA has “no information credible or specific about efforts to disrupt or compromise” election infrastructure. Read more about what Easterly is more concerned about leading up to the elections in the full story from Christian Vasquez at CyberScoop.

Read more

SUPPLY CHAIN ATTACK PUSHES OUT MALWARE TO MORE THAN 250 MEDIA WEBSITES BY ELIZABETH MONTALBANO

A supply chain attack is being used by a threat actor known as TA569, or SocGholish, to spread FakeUpdates malware to over 250 media outlets across the U.S. This was accomplished by tampering with the JavaScript code of an application used by a media content provider to serve video and advertising to these media outlets. FakeUpdates malware has been previously linked to the Russian cybercrime group Evil Corp. Read more about which media outlets were affected and how organizations should respond to this supply chain threat.

Read more

WHITE HOUSE SEEKS INTERNATIONAL COOPERATION TO THWART GROWING RANSOMWARE THREAT BY TONYA RILEY

The White House is convening an International Counter Ransomware Summit, which will host leaders from 36 countries and the European Union. The countries participating, which doesn’t include countries notorious for harboring cybercriminals like Russia, are in the process of finalizing a joint statement that will address how to handle said countries, along with how to bolster cyber resilience in general. The summit is going into its second year of existence following the sharp rise in ransomware following the COVID-19 pandemic. Read more about who will be presenting at the summit and what challenges lie ahead for the participating countries in the full story from CyberScoop.

Read more

US AGENCIES ISSUE GUIDANCE ON RESPONDING TO DDOS ATTACKS BY IONUT ARGHIRE

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint advisory this past week that aims to give guidance on how organizations can respond to DDoS attacks. Such attacks are said to lead to degradation of service, loss of productivity, extensive remediation costs, and reputational damage, and could even make organizations susceptible to other forms of attacks. “In a progressively interconnected world with additional post-pandemic remote connectivity requirements, maintaining the availability of business-essential external-facing resources can be challenging for even the most mature IT and incident response teams. It is impossible to completely avoid becoming a target of a DDoS attack,” the three agencies said in their statement.

Read more

RESEARCHERS UNCOVER STEALTHY TECHNIQUES USED BY CRANEFLY ESPIONAGE HACKERS BY RAVIE LAKSHMANAN

A recently discovered hacking group has been targeting employees dealing with corporate transactions using a previously undocumented malware known as Danfuan. According to researchers, the hackers are using a dropper “to install a new backdoor and other tools using the novel technique of reading commands from seemingly innocuous Internet Information Services (IIS) logs." Danfuan, along with the Geppei dropper, was first identified in May 2022 and attributed to the espionage actor known as UNC3524 or Cranefly.

Read more