Swiss critical sector faces new 24-hour cyberattack reporting rule
Switzerland’s National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery. According to the NCSC announcement, this new requirement is introduced as a response to the increasing number of cybersecurity incidents and their impact on the country. The mandate is introduced via an amendment to the Information Security Act (ISA), which will go into effect on April 1, 2025. The law applies to critical service providers such as utilities, local government, and transportation organizations.
Hacker accessed PowerSchool’s network months before massive December breach
A hacker compromised the U.S. edtech giant PowerSchool months before its “massive” data breach in December, according to a now-published forensic report into the incident conducted by U.S. cybersecurity firm CrowdStrike. In a letter sent to affected customers last week, seen by TechCrunch, PowerSchool confirmed that an investigation into the incident has revealed that its network “experienced unauthorized activity prior to December,” which CrowdStrike dated back to at least August 2024.
Hackers Take Credit for X Cyberattack
More information is coming to light on the cyberattack that caused outages of the social media platform X (formerly Twitter) on Monday, but much of the information is difficult to verify. There appear to have been several attack waves and tens of thousands of users have reported X outages, according to the DownDetector service. The disruptions were likely caused by distributed denial-of-service (DDoS) attacks. As users reported being unable to access X, Elon Musk blamed the outages on a “massive cyberattack”.
Lazarus Hackers Weaponized 6 npm Packages To Steal Logins
A sophisticated supply chain attack orchestrated by the notorious Lazarus Group, a threat actor widely believed to be linked to North Korea has been uncovered recently by cybersecurity researchers. The hackers successfully compromised six popular npm packages, injecting malicious code designed to harvest login credentials from thousands of developers and organizations worldwide. The attack, discovered last week, represents one of the most significant software supply chain compromises of the year, potentially affecting millions of downstream applications and websites that incorporated the tainted dependencies.
Trump nominates Sean Plankey to run top US cyber agency
Sean Plankey, who served in cybersecurity roles in the first Trump administration, has been officially nominated to run the Cybersecurity and Infrastructure Security Agency (CISA), according to a Monday posting of nominations. Plankey’s nomination has been sent to the Homeland Security and Governmental Affairs Committee for official consideration. Plankey served as acting assistant secretary for the Office of Cybersecurity, Energy Security and Emergency Response at the Department of Energy and director for maritime and pacific cybersecurity policy at the National Security Council in Trump 1.0.
