A draft executive order from the Biden Administration seeks to enhance cyber defenses.

Summary

By the CyberWire staff

At a glance.

A draft executive order from the Biden Administration seeks to enhance cyber defenses.
Attackers may be exploiting an unknown FortiGate zero-day.
Personal information was compromised in OneBlood ransomware attack.

A draft executive order from the Biden Administration seeks to enhance cyber defenses.

CyberScoop has obtained a draft copy of a Biden Administration executive order aimed at improving cybersecurity defenses across the Federal government and its contractors, with an additional focus on curbing cybercrime and fraud. The order would also direct the Commerce Department to issue minimum cybersecurity requirements for all industry sectors, and seeks to enhance the Cybersecurity and Infrastructure Security Agency's (CISA's) ability to detect threats within Federal systems. Other sections of the EO deal with securing artificial intelligence, preparing for post-quantum cryptography, and protecting Federal systems in space.

President Biden is expected to sign the order before he leaves office next week, though Federal News Network cites several anonymous Federal officials as saying the late timing of the order may undercut its implementation. Other sources noted, however, that the EO's content is largely non-partisan, so the incoming Trump administration may decide to pick up on many of the order's objectives.

What’s next for SOAR? Find out on January 14 with Tines and GigaOm

The demands on security teams have never been greater. Between alert fatigue, repetitive manual tasks, endless false positives, inflexible technology, and the looming risk of burnout, it adds up.

Modern teams – and modern threats – demand modern solutions.

Join Tines Field CISO Matt Muller & GigaOm's Andrew Green on January 14th to explore SOAR trends, vendor insights, and innovations driving agility in security teams. Uncover the state of SOAR -- and what’s next for security automation in 2025.

Attackers may be exploiting an unknown FortiGate zero-day.

Arctic Wolf warns that an attack campaign is likely exploiting an unknown zero-day to compromise internet-exposed Fortinet FortiGate firewall devices. The researchers state, "In early December, Arctic Wolf Labs began observing a campaign involving suspicious activity on Fortinet FortiGate firewall devices. By gaining access to management interfaces on affected firewalls, threat actors were able to alter firewall configurations. In compromised environments, threat actors were observed extracting credentials using DCSync. While the initial access vector used in this campaign is not yet confirmed, Arctic Wolf Labs assesses with high confidence that mass exploitation of a zero-day vulnerability is likely given the compressed timeline across affected organizations as well as firmware versions affected."

Arctic Wolf says organizations "should urgently disable firewall management access on public interfaces as soon as possible." The researchers notified Fortinet of the attacks last month, and the company confirmed that "the activity was known and under investigation."

Elevate your Cybersecurity Posture with ‘Visible Ops’: Insights from Experts

Order your copy of VisibleOps Cybersecurity now to unlock essential strategies for combating advanced threats. This comprehensive guide offers actionable frameworks, proven methodologies, and insights to help you build a resilient cybersecurity culture within your organization. Designed for leaders and teams alike, it equips you with the knowledge to drive operational excellence to both proactively guard and stay ahead of emerging cybersecurity risks. Strengthen your defenses and lead with confidence. VisibleOps Cybersecurity, available at Amazon.

Personal information was compromised in OneBlood ransomware attack.

OneBlood, a not-for-profit that supplies donated blood for more than 250 hospitals across the United States, has confirmed that donors' personal information was compromised during a ransomware attack the organization sustained in July 2024, BleepingComputer reports. The exposed data is limited to names and Social Security numbers. OneBlood began notifying affected individuals last month, and is offering victims a year of free credit monitoring.

Notes.

Today's issue includes events affecting , and the United States.

Attacks, Threats, and Vulnerabilities

The ‘Largest Illicit Online Marketplace’ Ever Is Growing at an Alarming Rate, Report Says (WIRED) Huione Guarantee, a gray market researchers believe is central to the online scam ecosystem, now includes a messaging app, stablecoin, and crypto exchange—while facilitating $24 billion in transactions.

Security Patches, Mitigations, and Software Updates

SAP Patch Day: January 2025 (Onapsis) Onapsis supported SAP in patching the two HotNews vulnerabilities and one Medium Priority vulnerability for January 2025 SAP Patch Day.

Marketplace

Protegrity Names Silicon Valley Veteran Michael Howard as CEO (PR Newswire) /PRNewswire-PRWeb/ -- Protegrity, a global leader in data security and privacy, today announced Michael Howard as Chief Executive Officer. Marked by a proven...

Products, Services, and Solutions

KnowBe4 Research Confirms Effective Security Awareness Training Significantly Reduces Data Breaches (KnowBe4) KnowBe4 Research Confirms Effective Security Awareness Training Significantly Reduces Data Breaches

Legislation, Policy, and Regulation

UK Considers Ban on Ransomware Payments by Public Bodies (Infosecurity Magazine) A UK government consultation has proposed banning public sector and critical infrastructure organizations from making ransomware payments to disincentivize attackers from targeting these services

Litigation, Investigation, and Law Enforcement

Microsoft Sues Harmful Fake AI Image Crime Ring (GovInfoSecurity) Microsoft filed a lawsuit targeting a cybercrime service used to generate "thousands of harmful images" by subverting the guardrails built into its Azure

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

FutureCon Baltimore (Baltimore, Maryland, USA, Feb 13, 2025) Hear from our esteemed speakers while gaining up to 10 CPE credits. Immerse yourself in the latest cybersecurity developments to gain valuable insights in today’s dynamic threat landscape. Learn how to effectively manage risk, demo the newest technologies from an array of different sponsors, and network with your local community.

WICYS 2025 (Dallas and Virtual, Texas, USA, Apr 2 - 5, 2025) WiCyS 2025 is the go-to event for cybersecurity professionals, students, and organizations. The conference is the flagship event to recruit, retain and advance women in cybersecurity.

Events

Hacking 4 Humanity 2025 (Virtual, Jan 24 - Feb 7, 2025) Online hate is on the rise, leading to real-world devastating effects on individuals and communities around the world. Join Carnegie Mellon, Duquesne, Pitt, and other undergrad and grad students from Pittsburgh at a multidisciplinary hackathon to develop new tech and policy solutions that mitigate online hate and create safer communities. Hacking4Humanity is a tech and policy hackathon for undergraduate and graduate students, which offers students a new way to engage with real-world social problems that can be improved with novel technical and policy solutions.

Cyberjutsu Unplugged: Career Exploration Day (Las Vegas, Nevada, USA, Jan 25, 2025) Join us January 25th and learn more about Cybersecurity and how you can have a career in this space. This is a FREE event but we do recommend making a donation. Just $50, provides a one year membership to the Women's Society of Cyberjutsu and all the resources available to help you along your journey.

GSA Spaceport Summit 2025 (Orlando, Florida, USA, Jan 27, 2025) Commercial Space Week begins with annual GSA Spaceport Summit on January 27, 2025.

Space Mobility Conference and Expo (Orlando, Florida, USA, Jan 28, 2025) Space Mobility mobilizes commercial industry executives and high-ranking officials from defense and government agencies to assure access and superiority in the highly contested space domain.

SpaceCom/Space Congress (Orlando, Florida, USA, Jan 28 - 30, 2025) SpaceCom | Space Congress exclusively draws participation from the industry leaders and organizations with the power to drive new space strategies, fuel forward progress, signal demand for continued innovation, inform policy, and institute a sustainable future for commercial space. As host of Commercial Space Week, SpaceCom integrates the people, institutions, and solutions that ignite innovation– facilitating progress for every space mission.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 01.14.25

At a glance.

A draft executive order from the Biden Administration seeks to enhance cyber defenses.

Attackers may be exploiting an unknown FortiGate zero-day.

Personal information was compromised in OneBlood ransomware attack.

Notes.

Attacks, Threats, and Vulnerabilities

Security Patches, Mitigations, and Software Updates

Marketplace

Products, Services, and Solutions

Legislation, Policy, and Regulation

Litigation, Investigation, and Law Enforcement

Newly Noted Events

Events