Articles of interest from the week of September 19, 2022

CISA Director Previews New Strategic Plan, Cyber Incident
Reporting RFI

The Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly today previewed the agency’s new strategic plan, as well as a request for information (RFI) on cybersecurity incident reporting that will both be released “in a couple days.” (MeriTalk)

HC3 Details Healthcare Cybersecurity Implications of AI, 5G,
Emerging Tech

As emerging technologies continue to revolutionize patient care, organizations must also consider the healthcare cybersecurity implications that come along with them. The Health Sector Cybersecurity Coordination Center (HC3) issued a brief that explored various emerging technologies, their roles in healthcare, and how each intersects with security. (HealthITSecurity)

White House Guidance Recommends SBOMs for Federal Agencies

The Biden White House has released a new cybersecurity executive order outlining guidelines for software supply chain security, including the suggestion that federal agency CIOs start requiring documentation of secure development and software bills of materials (SBOMs). (DarkReading)

Uber Investigating Cybersecurity Incident After Hacker Breaches Its Internal Network

Uber confirmed on Thursday that it’s responding to a cybersecurity incident after reports claimed a hacker had breached its internal network.

The ride-hailing giant discovered the breach on Thursday and has taken several of its internal communications and engineering systems offline while it investigates the incident, according to a report by The New York Times, which broke news of the breach. (TechCrunch)

North Korean Hackers Spreading Trojanized Versions of PuTTY
Client Application

A threat with a North Korea nexus has been found leveraging a "novel spear phish methodology" that involves making use of trojanized versions of the PuTTY SSH and Telnet client. (The Hacker News)