White House releases National Cyber and Workforce Education Strategy
According to the Office of the National Cyber Director, this new strategy will seek to create a partnership between nine government agencies and over 200 nonprofits, corporations, and educational institutions. This will see the National Science Foundation issue over $24 million in grants for cyber education scholarships. NIST will award up to $3.6 million to partner with regional organizations on workforce development and education initiatives. The Department of Labor will use $65 million in grants to fund apprenticeship programs in cybersecurity across 45 states and territories. The White House characterized this as a “whole of society” effort to expand the cyber workforce.
Latest DeFi exploit sees millions in losses
The stablecoin exchange Curve offers financial services using smart contracts on the Ethereum blockchain. However it appears threat actors used a compiler bug used in Vyper, a programming language used by Curve’s platform, to access several of its stablecoin pools. No word from Curve on exact losses, but the auditing firm BlockSec estimated at least $42 million loss. The Vyper bug could also potentially impact other projects using it. It seems Curve could see a return of some of the funds, with some assets proactively taken by ethical hackers. (CoinDesk)
No link found between cyber insurance and paying ransoms
This finding comes from an independent study published by the UK’s National Cyber Security Centre and Research Institute for Sociotechnical Cyber Security. The conventional wisdom goes that threat actors could specifically target organizations known to carry cyberinsurance to ensure an easier payout. The researchers found no evidence of that, but did see that threat actors did use exfiltrated information on cyber insurance obtained in an attack as leverage in negotiations. The study concluded that the low cost and risks in ransomware played a much larger role in its continuing rise than any change in cyber insurance coverage.
West worried about China’s legacy chip focus
The US and European chip sanctions against China in recent years generally focus on cutting edge technology. This saw export bans impacting cutting edge fabrication machines using extreme ultraviolet lithography. As a result, China began pouring funding into manufacturing so-called legacy chips using older technology. Bloomberg’s sources say this new focus sparked new concerns from US and European policymakers, saying the US wants to prevent chips from becoming a point of leverage with China. The industry trade group SEMI forecasts China will lead all nations in building 26 new chip fabs through 2026.
Thanks to our sponsor, Opal
Printers somehow ruin the joy of throwing them out
Generally the greatest moment of customer satisfaction for a printer owner is when you can get rid of the device. However Canon warned that these discarded devices stored Wi-Fi connection settings in memory after initialization. Data stored includes SSIDs, passwords, IP addresses, and network profiles, opening the door to potential third-party access. Canon says this impacted 196 models across its consumer, business, and large-format inkjet lineup. Canon issued firmware updates to resolve the issue, and advised all users to reset all setting twice before discarding a printer.
Cyberattack proves a nightmare for Tempur Sealy
The mattress giant reported to the US Securities and Exchange Commission this week that a cyberattack impacted its operations, starting on July 23rd. It’s not clear if this represented a ransomware attack, but its regulatory filing did say it activated incident response and business continuity plans as a result. The attack also forced Tempur Sealy to shutdown some IT systems and interrupt overall operations. No word on if any data leaked in the attack, but the company said it will notify any impacted parties if discovered.
Ninja Forms bug puts WordPress at risk
Patchstack disclosed several vulnerabilities impacting the popular WordPress plugin. One includes a cross-site scripting flaw that allows for privilege escalation when visiting a maliciously crafted site. This seems to mirror another cross-site scripting flaw previously disclosed in Patchwork’s Freemius WordPress SDK. Another flaw related to privileges allows for users in a subscriber roll to export all Ninja Forms submissions. WordPress lists Ninja Forms plug-ins installed on over 800,000 sites.
Apple gives in on X
We reported last week that the platform formally known as Twitter couldn’t change its moniker on Apple’s App Store to X as the App Store Connect portal requires at least two characters for an app name. However over the weekend the app updated to reflect the new name. No word from Apple about the exception. X also changed it’s App Store tagline to “Blaze Your Glory,” interpret as you will.