Cyber Security Headlines – November 9, 2021

US infrastructure bill includes cybersecurity provisions

Late last week the US House passed the bipartisan Infrastructure Investment and Jobs Act, approved by the Senate back in August and now awaiting the President’s signature. There are a lot of programs within the bill, but the biggest for this show is a $1.9 billion boost in government cybersecurity spending. This includes a $1 billion grant program from FEMA to help state, local, tribal and territorial governments modernize systems to protect sensitive data, information, and public critical infrastructure over the next four years. The bill also includes $65 billion for broadband expansion. 

(CSO Online)

Chipmakers respond to US call for supply chain info

Back in September, the US Department of Commerce asked global semiconductor manufacturers to complete voluntary supply chain questionnaires, providing a November 8th deadline. The South Korean Ministry of Economy and Finance report Samsung and SK Hynix will disclose some data in response, although they will not include detailed info as trade secrets. TSMC also submitted a response, but said it did not disclose detailed information on clients. Micron, Western Digital, and United Microelectronics also made submissions. 

(Bloomberg)

REvil hackers arrested

The US Justice Department announced the arrest of a 22-year old Ukrainian national with ties to the prominent ransomware group. The alleged hacker supposedly aided in the attack of Kaseya earlier this year, and was arrested in Poland with the aid of international law enforcement. Law enforcement also seized $6.1 million in ransom payments.The US is seeking extradition. The Justice department also announced the arrest of a 28-year-old Russian national who is accused of conducting “REvil ransomware attacks against multiple victims,” including a 2019 attack that impacted dozens of towns in Texas. In a related announcement, Europol announced the arrest of seven REvil affiliates across Europe. 

(Gizmodo, The Record)

US offers bounty for REvil operators, sanctions crypto exchanges

The State department announced a $10 million bounty for information on the leadership of the REvil ransomware gang. This follows a similar bounty for info on the organizers of DarkSide last week. 

The U.S. Treasury separately announced sanctions against the cryptocurrency exchange Chatex, as well as three other companies providing services to the exchange. In a statement on the sanctions, a Treasury spokesperson said, “[a]nalysis of Chatex’s known transactions indicate that over half are directly traced to illicit or high-risk activities such as darknet markets, high-risk exchanges, and ransomware.” 

(Security Week)

Thanks to our episode sponsor, Vulcan Cyber

Ryan Gurney spent years as CSO and security exec for companies like Google Looker, Zendesk, Engine Yard, and eBay. Ryan has seen a few things and is done pretending cyber security is something it isn’t. Attend the Vulcan Cyber virtual summit on December 9th to get Ryan’s take on the difference between negligent and effective cyber security. It’s a fine line. Go to vulcan.io and click the button at the top of the screen to register for the event.

Drone loses battle against power station

According to a joint security bulletin from DHS, the FBI, and the National Counterterrorism Center, in July 2020 a DJI Mavic 2 drone approached a Pennsylvania power substation in what was an attempt to “disrupt operations by creating a short circuit” using a thick copper wire connected to the drone. This is the first known incident of using an unmanned aircraft system to “specifically target” US energy infrastructure. The drone crashed on a roof before reaching its target but the operator has not been found. The operator removed several sensors and cameras from the drone in order to avoid detection, meaning it had to be flown by line of sight, likely causing the crash. 

(Wired)

McAfee goes private

An investor group acquired all outstanding shares of the cybersecurity company McAfee, acquiring the company in an all-cash deal worth over $14 billion. McAfee was previously spun out from Intel in 2017, completed an IPO in 2020, and sold off its enterprise security business to a consortium led by Symphony Technology Group for $4 billion in March. The deal is expected to close in the first half of 2022, although the company’s Board and advisors have 45 days to look for better acquisition proposals. This deal will take McAfee private again.

(ZDNet)

AMD’s Zen 4 roadmap adds cores and security

We learned a little about AMD’s Zen 4 CPU roadmap for its EPYC data center processors at its Accelerated Data Center event. These will be built on a 5nm process in 2022, claiming twice the density and power efficiency with 1.25x better performance compared to its 7nm chips. These include Genoa, which will offer up to 96 high-performance Zen 4 cores, and include DDR5 and PCIe Gen5, as well as Bergamo, a chip customized for cloud native applications with up to 128 high performance “Zen 4 C” cores. Genoa is sampling to customers now, set for a 2022 launch. Both processors offer AMD’s hardware-based Security Suite, designed to let service providers run confidential virtual machines for customers with high security and confidentiality requirements.

(Anandtech)

Google throws user experience under the security bus

In response to complaints about the speed and accuracy of the under screen fingerprint reader on the Pixel 6, Google said the sensor “utilizes enhanced security algorithms” which can take longer to verify or require more direct contact with the sensor. It’s unclear if software updates would be able to improve performance over time. Several other smartphone OEMs use under screen fingerprint sensors, seemingly without such usability complaints. 

(The Verge)


Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.