CISA highlights persistent challenges in authenticating OT communicationsCISA published a resource examining key obstacles that prevent secure authentication in operational technology (OT) environments. Thedocumentpoints out that legacy systems, proprietary protocols, and limited support for modern cryptographic methods make it difficult for personnel to implement strong authentication, often resulting in weak or absent identity verification during OT communications.EPA finds vulnerabilities at 277 water systemsThe US Environmental Protection Agency (EPA) announced new actions to strengthen defenses against cyberattacks targeting public drinking water systems.Vulnerabilitieshave been identified at 277 community water systems across the country that could be exploited by threat actors.DoD employee indicted for acting as money mule in multimillion-dollar scam schemeA Department of Defense employee, Samuel D. Marcus, has beenindictedin federal court for allegedly serving as a money mule and laundering millions of dollars on behalf of Nigerian fraudsters. The charges stem from his role in receiving and transferring illicit funds obtained through romance scams, BEC, and other online frauds, using his personal bank accounts to move the money while concealing its criminal origins.California imposes $2.75 million fine on Disney for CCPA violationsCalifornia regulators havefinedDisney $2.75 million for multiple violations of the California Consumer Privacy Act (CCPA). The settlement stems from Disney’s failure to properly process consumer opt-out requests for the sale of personal information and to provide accurate privacy notices. Disney agreed to the penalty without admitting wrongdoing and committed to improving its compliance processes for handling consumer privacy rights under state law.Trend Micro introduces threat attribution frameworkTrend Micro has outlined a newthreat attribution frameworkthat applies consistent naming conventions and structured analysis to reduce speculation in cybersecurity reporting. The naming convention includes Earth for espionage, Water for financially motivated operations, Fire for destructive or disruptive actors, Wind for hacktivists, Aether for unknown motivation, and Void for mixed motivation. The framework was developed by TrendAI, the new name of Trend Micro’s enterprise business unit.Trump administration delays key China tech restrictionsThe Trump administration has paused a proposed ban on domestic sales of TP-Link routers, along with restrictions on China Telecom’s US operations, and data center equipment sales, Reutersreported[paywalled]. The delay is intended to avoid escalating tensions with Beijing before an April summit with Chinese President Xi Jinping. These security-related measures, aimed at limiting potential risks from Chinese vendors in critical network infrastructure, could be reinstated depending on diplomatic outcomes.CISA highlights key 2025 achievements in critical infrastructure protectionCISA released its2025 Year in Review, detailing efforts to enhance security and resilience across critical infrastructure sectors throughout the year. The report emphasizes progress in areas such as vulnerability management, incident response coordination, threat information sharing, and partnerships to address evolving cyber and physical risks.Supply chain flaw exposes access to 200 airports worldwideCloudSek researchers discovered a critical vulnerability in a widely usedaviation software platformthat granted unauthorized access to sensitive systems at approximately 200 airports across multiple countries. The issue stemmed from a supply chain compromise involving exposed credentials and misconfigured access controls in a third-party vendor’s application.Related:In Other News: Record DDoS, Epstein’s Hacker, ESET Product VulnerabilitiesRelated:In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak
CISA published a resource examining key obstacles that prevent secure authentication in operational technology (OT) environments. Thedocumentpoints out that legacy systems, proprietary protocols, and limited support for modern cryptographic methods make it difficult for personnel to implement strong authentication, often resulting in weak or absent identity verification during OT communications.EPA finds vulnerabilities at 277 water systemsThe US Environmental Protection Agency (EPA) announced new actions to strengthen defenses against cyberattacks targeting public drinking water systems.Vulnerabilitieshave been identified at 277 community water systems across the country that could be exploited by threat actors.DoD employee indicted for acting as money mule in multimillion-dollar scam schemeA Department of Defense employee, Samuel D. Marcus, has beenindictedin federal court for allegedly serving as a money mule and laundering millions of dollars on behalf of Nigerian fraudsters. The charges stem from his role in receiving and transferring illicit funds obtained through romance scams, BEC, and other online frauds, using his personal bank accounts to move the money while concealing its criminal origins.California imposes $2.75 million fine on Disney for CCPA violationsCalifornia regulators havefinedDisney $2.75 million for multiple violations of the California Consumer Privacy Act (CCPA). The settlement stems from Disney’s failure to properly process consumer opt-out requests for the sale of personal information and to provide accurate privacy notices. Disney agreed to the penalty without admitting wrongdoing and committed to improving its compliance processes for handling consumer privacy rights under state law.Trend Micro introduces threat attribution frameworkTrend Micro has outlined a newthreat attribution frameworkthat applies consistent naming conventions and structured analysis to reduce speculation in cybersecurity reporting. The naming convention includes Earth for espionage, Water for financially motivated operations, Fire for destructive or disruptive actors, Wind for hacktivists, Aether for unknown motivation, and Void for mixed motivation. The framework was developed by TrendAI, the new name of Trend Micro’s enterprise business unit.Trump administration delays key China tech restrictionsThe Trump administration has paused a proposed ban on domestic sales of TP-Link routers, along with restrictions on China Telecom’s US operations, and data center equipment sales, Reutersreported[paywalled]. The delay is intended to avoid escalating tensions with Beijing before an April summit with Chinese President Xi Jinping. These security-related measures, aimed at limiting potential risks from Chinese vendors in critical network infrastructure, could be reinstated depending on diplomatic outcomes.CISA highlights key 2025 achievements in critical infrastructure protectionCISA released its2025 Year in Review, detailing efforts to enhance security and resilience across critical infrastructure sectors throughout the year. The report emphasizes progress in areas such as vulnerability management, incident response coordination, threat information sharing, and partnerships to address evolving cyber and physical risks.Supply chain flaw exposes access to 200 airports worldwideCloudSek researchers discovered a critical vulnerability in a widely usedaviation software platformthat granted unauthorized access to sensitive systems at approximately 200 airports across multiple countries. The issue stemmed from a supply chain compromise involving exposed credentials and misconfigured access controls in a third-party vendor’s application.Related:In Other News: Record DDoS, Epstein’s Hacker, ESET Product VulnerabilitiesRelated:In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak
EPA finds vulnerabilities at 277 water systemsThe US Environmental Protection Agency (EPA) announced new actions to strengthen defenses against cyberattacks targeting public drinking water systems.Vulnerabilitieshave been identified at 277 community water systems across the country that could be exploited by threat actors.DoD employee indicted for acting as money mule in multimillion-dollar scam schemeA Department of Defense employee, Samuel D. Marcus, has beenindictedin federal court for allegedly serving as a money mule and laundering millions of dollars on behalf of Nigerian fraudsters. The charges stem from his role in receiving and transferring illicit funds obtained through romance scams, BEC, and other online frauds, using his personal bank accounts to move the money while concealing its criminal origins.California imposes $2.75 million fine on Disney for CCPA violationsCalifornia regulators havefinedDisney $2.75 million for multiple violations of the California Consumer Privacy Act (CCPA). The settlement stems from Disney’s failure to properly process consumer opt-out requests for the sale of personal information and to provide accurate privacy notices. Disney agreed to the penalty without admitting wrongdoing and committed to improving its compliance processes for handling consumer privacy rights under state law.Trend Micro introduces threat attribution frameworkTrend Micro has outlined a newthreat attribution frameworkthat applies consistent naming conventions and structured analysis to reduce speculation in cybersecurity reporting. The naming convention includes Earth for espionage, Water for financially motivated operations, Fire for destructive or disruptive actors, Wind for hacktivists, Aether for unknown motivation, and Void for mixed motivation. The framework was developed by TrendAI, the new name of Trend Micro’s enterprise business unit.Trump administration delays key China tech restrictionsThe Trump administration has paused a proposed ban on domestic sales of TP-Link routers, along with restrictions on China Telecom’s US operations, and data center equipment sales, Reutersreported[paywalled]. The delay is intended to avoid escalating tensions with Beijing before an April summit with Chinese President Xi Jinping. These security-related measures, aimed at limiting potential risks from Chinese vendors in critical network infrastructure, could be reinstated depending on diplomatic outcomes.CISA highlights key 2025 achievements in critical infrastructure protectionCISA released its2025 Year in Review, detailing efforts to enhance security and resilience across critical infrastructure sectors throughout the year. The report emphasizes progress in areas such as vulnerability management, incident response coordination, threat information sharing, and partnerships to address evolving cyber and physical risks.Supply chain flaw exposes access to 200 airports worldwideCloudSek researchers discovered a critical vulnerability in a widely usedaviation software platformthat granted unauthorized access to sensitive systems at approximately 200 airports across multiple countries. The issue stemmed from a supply chain compromise involving exposed credentials and misconfigured access controls in a third-party vendor’s application.Related:In Other News: Record DDoS, Epstein’s Hacker, ESET Product VulnerabilitiesRelated:In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak
The US Environmental Protection Agency (EPA) announced new actions to strengthen defenses against cyberattacks targeting public drinking water systems.Vulnerabilitieshave been identified at 277 community water systems across the country that could be exploited by threat actors.DoD employee indicted for acting as money mule in multimillion-dollar scam schemeA Department of Defense employee, Samuel D. Marcus, has beenindictedin federal court for allegedly serving as a money mule and laundering millions of dollars on behalf of Nigerian fraudsters. The charges stem from his role in receiving and transferring illicit funds obtained through romance scams, BEC, and other online frauds, using his personal bank accounts to move the money while concealing its criminal origins.California imposes $2.75 million fine on Disney for CCPA violationsCalifornia regulators havefinedDisney $2.75 million for multiple violations of the California Consumer Privacy Act (CCPA). The settlement stems from Disney’s failure to properly process consumer opt-out requests for the sale of personal information and to provide accurate privacy notices. Disney agreed to the penalty without admitting wrongdoing and committed to improving its compliance processes for handling consumer privacy rights under state law.Trend Micro introduces threat attribution frameworkTrend Micro has outlined a newthreat attribution frameworkthat applies consistent naming conventions and structured analysis to reduce speculation in cybersecurity reporting. The naming convention includes Earth for espionage, Water for financially motivated operations, Fire for destructive or disruptive actors, Wind for hacktivists, Aether for unknown motivation, and Void for mixed motivation. The framework was developed by TrendAI, the new name of Trend Micro’s enterprise business unit.Trump administration delays key China tech restrictionsThe Trump administration has paused a proposed ban on domestic sales of TP-Link routers, along with restrictions on China Telecom’s US operations, and data center equipment sales, Reutersreported[paywalled]. The delay is intended to avoid escalating tensions with Beijing before an April summit with Chinese President Xi Jinping. These security-related measures, aimed at limiting potential risks from Chinese vendors in critical network infrastructure, could be reinstated depending on diplomatic outcomes.CISA highlights key 2025 achievements in critical infrastructure protectionCISA released its2025 Year in Review, detailing efforts to enhance security and resilience across critical infrastructure sectors throughout the year. The report emphasizes progress in areas such as vulnerability management, incident response coordination, threat information sharing, and partnerships to address evolving cyber and physical risks.Supply chain flaw exposes access to 200 airports worldwideCloudSek researchers discovered a critical vulnerability in a widely usedaviation software platformthat granted unauthorized access to sensitive systems at approximately 200 airports across multiple countries. The issue stemmed from a supply chain compromise involving exposed credentials and misconfigured access controls in a third-party vendor’s application.Related:In Other News: Record DDoS, Epstein’s Hacker, ESET Product VulnerabilitiesRelated:In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak
DoD employee indicted for acting as money mule in multimillion-dollar scam schemeA Department of Defense employee, Samuel D. Marcus, has beenindictedin federal court for allegedly serving as a money mule and laundering millions of dollars on behalf of Nigerian fraudsters. The charges stem from his role in receiving and transferring illicit funds obtained through romance scams, BEC, and other online frauds, using his personal bank accounts to move the money while concealing its criminal origins.California imposes $2.75 million fine on Disney for CCPA violationsCalifornia regulators havefinedDisney $2.75 million for multiple violations of the California Consumer Privacy Act (CCPA). The settlement stems from Disney’s failure to properly process consumer opt-out requests for the sale of personal information and to provide accurate privacy notices. Disney agreed to the penalty without admitting wrongdoing and committed to improving its compliance processes for handling consumer privacy rights under state law.Trend Micro introduces threat attribution frameworkTrend Micro has outlined a newthreat attribution frameworkthat applies consistent naming conventions and structured analysis to reduce speculation in cybersecurity reporting. The naming convention includes Earth for espionage, Water for financially motivated operations, Fire for destructive or disruptive actors, Wind for hacktivists, Aether for unknown motivation, and Void for mixed motivation. The framework was developed by TrendAI, the new name of Trend Micro’s enterprise business unit.Trump administration delays key China tech restrictionsThe Trump administration has paused a proposed ban on domestic sales of TP-Link routers, along with restrictions on China Telecom’s US operations, and data center equipment sales, Reutersreported[paywalled]. The delay is intended to avoid escalating tensions with Beijing before an April summit with Chinese President Xi Jinping. These security-related measures, aimed at limiting potential risks from Chinese vendors in critical network infrastructure, could be reinstated depending on diplomatic outcomes.CISA highlights key 2025 achievements in critical infrastructure protectionCISA released its2025 Year in Review, detailing efforts to enhance security and resilience across critical infrastructure sectors throughout the year. The report emphasizes progress in areas such as vulnerability management, incident response coordination, threat information sharing, and partnerships to address evolving cyber and physical risks.Supply chain flaw exposes access to 200 airports worldwideCloudSek researchers discovered a critical vulnerability in a widely usedaviation software platformthat granted unauthorized access to sensitive systems at approximately 200 airports across multiple countries. The issue stemmed from a supply chain compromise involving exposed credentials and misconfigured access controls in a third-party vendor’s application.Related:In Other News: Record DDoS, Epstein’s Hacker, ESET Product VulnerabilitiesRelated:In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak
A Department of Defense employee, Samuel D. Marcus, has beenindictedin federal court for allegedly serving as a money mule and laundering millions of dollars on behalf of Nigerian fraudsters. The charges stem from his role in receiving and transferring illicit funds obtained through romance scams, BEC, and other online frauds, using his personal bank accounts to move the money while concealing its criminal origins.California imposes $2.75 million fine on Disney for CCPA violationsCalifornia regulators havefinedDisney $2.75 million for multiple violations of the California Consumer Privacy Act (CCPA). The settlement stems from Disney’s failure to properly process consumer opt-out requests for the sale of personal information and to provide accurate privacy notices. Disney agreed to the penalty without admitting wrongdoing and committed to improving its compliance processes for handling consumer privacy rights under state law.Trend Micro introduces threat attribution frameworkTrend Micro has outlined a newthreat attribution frameworkthat applies consistent naming conventions and structured analysis to reduce speculation in cybersecurity reporting. The naming convention includes Earth for espionage, Water for financially motivated operations, Fire for destructive or disruptive actors, Wind for hacktivists, Aether for unknown motivation, and Void for mixed motivation. The framework was developed by TrendAI, the new name of Trend Micro’s enterprise business unit.Trump administration delays key China tech restrictionsThe Trump administration has paused a proposed ban on domestic sales of TP-Link routers, along with restrictions on China Telecom’s US operations, and data center equipment sales, Reutersreported[paywalled]. The delay is intended to avoid escalating tensions with Beijing before an April summit with Chinese President Xi Jinping. These security-related measures, aimed at limiting potential risks from Chinese vendors in critical network infrastructure, could be reinstated depending on diplomatic outcomes.CISA highlights key 2025 achievements in critical infrastructure protectionCISA released its2025 Year in Review, detailing efforts to enhance security and resilience across critical infrastructure sectors throughout the year. The report emphasizes progress in areas such as vulnerability management, incident response coordination, threat information sharing, and partnerships to address evolving cyber and physical risks.Supply chain flaw exposes access to 200 airports worldwideCloudSek researchers discovered a critical vulnerability in a widely usedaviation software platformthat granted unauthorized access to sensitive systems at approximately 200 airports across multiple countries. The issue stemmed from a supply chain compromise involving exposed credentials and misconfigured access controls in a third-party vendor’s application.Related:In Other News: Record DDoS, Epstein’s Hacker, ESET Product VulnerabilitiesRelated:In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak
California imposes $2.75 million fine on Disney for CCPA violationsCalifornia regulators havefinedDisney $2.75 million for multiple violations of the California Consumer Privacy Act (CCPA). The settlement stems from Disney’s failure to properly process consumer opt-out requests for the sale of personal information and to provide accurate privacy notices. Disney agreed to the penalty without admitting wrongdoing and committed to improving its compliance processes for handling consumer privacy rights under state law.Trend Micro introduces threat attribution frameworkTrend Micro has outlined a newthreat attribution frameworkthat applies consistent naming conventions and structured analysis to reduce speculation in cybersecurity reporting. The naming convention includes Earth for espionage, Water for financially motivated operations, Fire for destructive or disruptive actors, Wind for hacktivists, Aether for unknown motivation, and Void for mixed motivation. The framework was developed by TrendAI, the new name of Trend Micro’s enterprise business unit.Trump administration delays key China tech restrictionsThe Trump administration has paused a proposed ban on domestic sales of TP-Link routers, along with restrictions on China Telecom’s US operations, and data center equipment sales, Reutersreported[paywalled]. The delay is intended to avoid escalating tensions with Beijing before an April summit with Chinese President Xi Jinping. These security-related measures, aimed at limiting potential risks from Chinese vendors in critical network infrastructure, could be reinstated depending on diplomatic outcomes.CISA highlights key 2025 achievements in critical infrastructure protectionCISA released its2025 Year in Review, detailing efforts to enhance security and resilience across critical infrastructure sectors throughout the year. The report emphasizes progress in areas such as vulnerability management, incident response coordination, threat information sharing, and partnerships to address evolving cyber and physical risks.Supply chain flaw exposes access to 200 airports worldwideCloudSek researchers discovered a critical vulnerability in a widely usedaviation software platformthat granted unauthorized access to sensitive systems at approximately 200 airports across multiple countries. The issue stemmed from a supply chain compromise involving exposed credentials and misconfigured access controls in a third-party vendor’s application.Related:In Other News: Record DDoS, Epstein’s Hacker, ESET Product VulnerabilitiesRelated:In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak
California regulators havefinedDisney $2.75 million for multiple violations of the California Consumer Privacy Act (CCPA). The settlement stems from Disney’s failure to properly process consumer opt-out requests for the sale of personal information and to provide accurate privacy notices. Disney agreed to the penalty without admitting wrongdoing and committed to improving its compliance processes for handling consumer privacy rights under state law.Trend Micro introduces threat attribution frameworkTrend Micro has outlined a newthreat attribution frameworkthat applies consistent naming conventions and structured analysis to reduce speculation in cybersecurity reporting. The naming convention includes Earth for espionage, Water for financially motivated operations, Fire for destructive or disruptive actors, Wind for hacktivists, Aether for unknown motivation, and Void for mixed motivation. The framework was developed by TrendAI, the new name of Trend Micro’s enterprise business unit.Trump administration delays key China tech restrictionsThe Trump administration has paused a proposed ban on domestic sales of TP-Link routers, along with restrictions on China Telecom’s US operations, and data center equipment sales, Reutersreported[paywalled]. The delay is intended to avoid escalating tensions with Beijing before an April summit with Chinese President Xi Jinping. These security-related measures, aimed at limiting potential risks from Chinese vendors in critical network infrastructure, could be reinstated depending on diplomatic outcomes.CISA highlights key 2025 achievements in critical infrastructure protectionCISA released its2025 Year in Review, detailing efforts to enhance security and resilience across critical infrastructure sectors throughout the year. The report emphasizes progress in areas such as vulnerability management, incident response coordination, threat information sharing, and partnerships to address evolving cyber and physical risks.Supply chain flaw exposes access to 200 airports worldwideCloudSek researchers discovered a critical vulnerability in a widely usedaviation software platformthat granted unauthorized access to sensitive systems at approximately 200 airports across multiple countries. The issue stemmed from a supply chain compromise involving exposed credentials and misconfigured access controls in a third-party vendor’s application.Related:In Other News: Record DDoS, Epstein’s Hacker, ESET Product VulnerabilitiesRelated:In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak
Trend Micro introduces threat attribution frameworkTrend Micro has outlined a newthreat attribution frameworkthat applies consistent naming conventions and structured analysis to reduce speculation in cybersecurity reporting. The naming convention includes Earth for espionage, Water for financially motivated operations, Fire for destructive or disruptive actors, Wind for hacktivists, Aether for unknown motivation, and Void for mixed motivation. The framework was developed by TrendAI, the new name of Trend Micro’s enterprise business unit.Trump administration delays key China tech restrictionsThe Trump administration has paused a proposed ban on domestic sales of TP-Link routers, along with restrictions on China Telecom’s US operations, and data center equipment sales, Reutersreported[paywalled]. The delay is intended to avoid escalating tensions with Beijing before an April summit with Chinese President Xi Jinping. These security-related measures, aimed at limiting potential risks from Chinese vendors in critical network infrastructure, could be reinstated depending on diplomatic outcomes.CISA highlights key 2025 achievements in critical infrastructure protectionCISA released its2025 Year in Review, detailing efforts to enhance security and resilience across critical infrastructure sectors throughout the year. The report emphasizes progress in areas such as vulnerability management, incident response coordination, threat information sharing, and partnerships to address evolving cyber and physical risks.Supply chain flaw exposes access to 200 airports worldwideCloudSek researchers discovered a critical vulnerability in a widely usedaviation software platformthat granted unauthorized access to sensitive systems at approximately 200 airports across multiple countries. The issue stemmed from a supply chain compromise involving exposed credentials and misconfigured access controls in a third-party vendor’s application.Related:In Other News: Record DDoS, Epstein’s Hacker, ESET Product VulnerabilitiesRelated:In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak
Trend Micro has outlined a newthreat attribution frameworkthat applies consistent naming conventions and structured analysis to reduce speculation in cybersecurity reporting. The naming convention includes Earth for espionage, Water for financially motivated operations, Fire for destructive or disruptive actors, Wind for hacktivists, Aether for unknown motivation, and Void for mixed motivation. The framework was developed by TrendAI, the new name of Trend Micro’s enterprise business unit.Trump administration delays key China tech restrictionsThe Trump administration has paused a proposed ban on domestic sales of TP-Link routers, along with restrictions on China Telecom’s US operations, and data center equipment sales, Reutersreported[paywalled]. The delay is intended to avoid escalating tensions with Beijing before an April summit with Chinese President Xi Jinping. These security-related measures, aimed at limiting potential risks from Chinese vendors in critical network infrastructure, could be reinstated depending on diplomatic outcomes.CISA highlights key 2025 achievements in critical infrastructure protectionCISA released its2025 Year in Review, detailing efforts to enhance security and resilience across critical infrastructure sectors throughout the year. The report emphasizes progress in areas such as vulnerability management, incident response coordination, threat information sharing, and partnerships to address evolving cyber and physical risks.Supply chain flaw exposes access to 200 airports worldwideCloudSek researchers discovered a critical vulnerability in a widely usedaviation software platformthat granted unauthorized access to sensitive systems at approximately 200 airports across multiple countries. The issue stemmed from a supply chain compromise involving exposed credentials and misconfigured access controls in a third-party vendor’s application.Related:In Other News: Record DDoS, Epstein’s Hacker, ESET Product VulnerabilitiesRelated:In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak
Source: SecurityWeek
