Updates to the National Cyber Incident Response Plan are being worked on by the Cybersecurity and Infrastructure Security Agency and the Office of the National Cyber Director after being mandated as part of the 2023 National Cybersecurity Strategy, according to The Record, a news site by cybersecurity firm Recorded Future.
Modernizing the NCIRP to recognize the value of the private sector as the first responder to cyber incidents and bolster recovery efforts has been noted as crucial by CISA Executive Assistant Director for Cybersecurity Eric Goldstein.
"Our goal is to provide an agile, actionable framework that can be actively used by every organization involved in cyber incident response to ensure coherent coordination that matches the pace of our adversaries," Goldstein added.
CISA is poised to release a draft of the updated NCIRP document for public comment by December, with the new plan expected to be approved and published by the end of next year.
Malicious QR code messages have also been increasingly leveraged to compromise the sector, with Office 365 used to send over 15,000 of such messages to education entities, a Microsoft Threat Intelligence report showed.
While DumpForums claimed to have infiltrated the company's corporate GitLab server, mail server, and software management services, Dr. Web emphasized that the incident had not resulted in any customer data compromise.
Misconfigured Magento or OpenCart instances may have been targeted to facilitate the deployment of Mongolian Skimmer, which uses various event-handling methods to ensure extensive compatibility while hiding malicious activity with heavy Unicode character utilization.