The Register: FCC stands up Council on National Security to fight China in ways that CISA used to

Mar 16, 2025

—

Source URL: https://www.theregister.com/2025/03/16/infosec_news_in_brief/
Source: The Register
Title: FCC stands up Council on National Security to fight China in ways that CISA used to

Feedly Summary: PLUS: Alleged Garantex admin arrested in India; Google deletes more North Korean malware
Infosec In Brief United States Federal Communications Commission chair Brendan Carr has unveiled plans to form a Council on National Security that will combat foreign threats to American tech and telecommunications infrastructure.…

AI Summary and Description: Yes

Summary: The text discusses recent developments in cybersecurity, specifically focusing on the establishment of a Council on National Security by the FCC to tackle foreign threats, critical vulnerabilities in software being actively exploited, arrests related to cybercrime, spyware apps attributed to North Korea, and legal consequences for an Australian investment firm over cybersecurity negligence. These topics are highly relevant for professionals in cybersecurity and infrastructure due to their implications on national security, software vulnerabilities, and compliance.

Detailed Description:

– **Council on National Security**:
– The FCC aims to form a council to combat threats from foreign adversaries, particularly from the Chinese Communist Party (CCP).
– Goals include:
– Reducing technology and telecom dependency on foreign adversaries.
– Mitigating vulnerabilities to cyberattacks, espionage, and surveillance.
– Ensuring the U.S. maintains a competitive edge in critical technologies like AI and 5G.

– **Active Exploitation of Vulnerabilities**:
– Several vulnerabilities have been identified, notably in software by Ivanti and Advantive, with CVSS scores that indicate a high severity of risk.
– CISA has issued warnings on multiple CVEs that are under exploitation, urging users to apply necessary patches.

– **Cybercrime Arrests**:
– The arrest of a Garantex administrator represents significant progress by U.S. authorities in tackling the laundering of stolen cryptocurrencies, which involved notorious ransomware groups.

– **Spyware Apps by North Korea**:
– New spyware applications linked to North Korean actors found in mainstream app stores underscore ongoing global cybersecurity threats.
– These apps are designed to collect sensitive data, exemplifying advanced methods employed by state-sponsored cybercriminals.

– **Legal Actions Against FIIG Securities**:
– An Australian investment firm is facing legal scrutiny for poor cybersecurity practices that led to significant data breaches.
– The case illustrates the importance of compliance with cybersecurity regulations and the potential repercussions of negligence in safeguarding sensitive information.

Overall, this text highlights key issues in cybersecurity, including governance, active threat detection, regulatory compliance, and the consequences of lapses in security protocols. It serves as a reminder for professionals to stay vigilant and proactive in safeguarding their organizations against an evolving landscape of cyber threats.

1 2 3 5 5G a Act actions active exploitation Advantive AI air and anti App Store app stores Application applications art as attack attacks attribute Australia being breach breaches by C China Chinese Chinese Communist Party CISA Col communication competitive competitive edge compliance core Council on National Security crime critical Crypto CVE CVSS cyber cyber threat cyber threats cyberattack Cyberattacks cybercrime cybercriminal cybercriminals cybersecurit Cybersecurity cybersecurity practices cybersecurity regulations cybersecurity threat cybersecurity threats D data data breach Data breaches de dependency design detection development e edge end espionage exp exploit Exploitation FCC Federal Communications Commission for foreign adversaries foreign threats g Gen GIS global cybersecurity Go goal Google governance Group gs H high high severity Highlight HR http HTTPS implications in India information infosec infrastructure investment ite Ivanti k Key l land led Legal legal action legal actions legal consequences legal scrutiny Li Link linked malware mini mission multi N nation national security negligence news NIST no North Korea North Korean North Korean actors North Korean malware o of on OPM organization organizations ory over party Patch patches potential pre proactive professionals Progress protocol protocols Py R ransom ransomware ransomware group ransomware groups rate RCE red Regulation regulations regulatory regulatory compliance Risk Ro RoT RSA s safe sec Securiti security security practices security protocols security threat security threats sensitive data sensitive information sequence severity Sig software software vulnerabilities source specific sponsored sponsored cybercriminals spy Spyware SSE state state-sponsored state-sponsored cybercriminals surveillance T tech technologies technology telecom telecommunications telecommunications infrastructure text the threat threat detection threats to Tor TP U.S. United States up ups US use user Users uth V vulnerabilities Ware Wi x