In Other News: 100,000 Affected by CISA Breach, Microsoft AI Copilot Ban, Nuclear Site Prosecution

Noteworthy stories that might have slipped under the radar: the CISA hack could impact 100,000 people, Microsoft AI Copilot banned by US House, UK nuclear site prosecution. 

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:  

100,000 people affected by CISA breach 

The cybersecurity agency CISA told lawmakers that the recent breach involving its Chemical Security Assessment Tool (CSAT) could affect over 100,000 individuals. The incident involved exploitation of an Ivanti product vulnerability. While the incident is ‘major’ based on FISMA’s definition, CISA found no evidence that the hackers actually stole data, and the agency said the incident did not have any operational impact, despite forcing it to shut down some systems. 

US House bans use of Microsoft AI Copilot

The US House has banned the use of Microsoft’s Copilot AI chatbot by congressional staffers due to it potentially leaking data to non-approved cloud services. Microsoft is working on a suite of AI tools designed for government use, which the tech giant hopes will address data exposure concerns. 

UK nuclear waste site to be prosecuted over cybersecurity failures

The UK’s Office for Nuclear Regulation (ONR) has informed the Sellafield nuclear waste and decommissioning site that it will be prosecuted over alleged IT security offenses that occurred between 2019 and early 2023. The move comes a few months after it was reported that threat actors linked to Russia and China had hacked into Sellafield systems. The ONR said there was no indication that public safety was compromised as a result of the issues. 

Lessons learned from electrical grid security exercise

The North American Electric Reliability Corporation (NERC) and the Electricity Information Sharing and Analysis Center (E-ISAC) have published a lessons learned report for GridEx VII, the seventh edition of the biennial exercise focusing on the security of the electrical grid in the United States and Canada. Over 250 organizations took part in the exercise in November 2023.

Law enforcement operation had major impact on LockBit 

Trend Micro has published a report detailing the impact of the recent law enforcement operation against the LockBit ransomware. The company’s researchers found that while the group attempted to downplay the impact, the law enforcement action significantly affected the cybercrime operation. While the main players may not be out of the picture, it will not be easy for them to create a new operation at the level of LockBit.

CISA providing resources for high-risk communities 

CISA has published a dedicated High-Risk Communities webpage providing cybersecurity resources for activists, journalists, human rights defenders, academics, and others who are at heightened risk of being targeted by threat actors due to their identity or work. The resources include cyber hygiene guidance, a repository of local cyber volunteer programs, and free or discounted tools and services.

Microsoft announces public previews for unified security operations platform and new Priva features 

Microsoft this week announced the public preview of its unified security operations platform, which brings together SIEM and XDR capabilities, as well as cybersecurity-focused generative AI. The tech giant also announced the expansion of its Priva privacy risk management products. Several new features are now in public preview, including privacy policy assessments, subject rights requests, consent management, tracker scanning, and privacy risk management. 

California hospital turning patients away due to cyberattack

The NorthBay VacaValley Hospital in California was forced to turn some patients away due to a cyberattack. The incident reportedly involved ransomware.

VMware, NVIDIA and Rapid7 patches

VMware has patched three vulnerabilities, including two rated ‘high severity’, in its SD-WAN products. The flaws can be exploited for unauthenticated command injection, obtaining sensitive information, and accessing the BIOS configuration. 

NVIDIA has published its CUDA Toolkit security bulletin for April 2024, informing customers about patches for three low-severity DoS vulnerabilities. 

Rapid7 has patched CVE-2024-0394, a privilege escalation vulnerability in its Minerva Armor product. The high-severity flaw is related to the product’s implementation of an OpenSSL parameter. 

Splunk vs Cribl lawsuit

Cribl, the data engine for IT and security, has shared an update on the lawsuit filed by Splunk. Cribl offers solutions that complement Splunk’s products. The company’s co-founder, Clint Sharp, who previously worked at Splunk, was accused of open sourcing an implementation of a proprietary protocol and launching a competing company. Sharp now says the companies are still going to court, but he’s no longer named as a defendant in the lawsuit.
