The island democracy was early to ban TikTok on government phones, and the ruling party refuses to use it. But a U.S.-style ban is not under consideration.

© An Rong Xu for The New York Times

Josh Krueger, the Chief Information Security Officer at Project Hosts, Inc. has been appointed to the Federal Secure Cloud Advisory Committee (FSCAC). This prestigious committee plays a crucial role in advising the Federal Risk and Authorization Management Program (FedRAMP) on various aspects of cloud computing adoption and security. The FSCAC appointment recognizes Mr. Krueger's expertise and Project Hosts' ongoing efforts to support secure cloud-computing practices and compliance standards, benefiting users and providers of cloud services. The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide compliance initiative in the United States that offers a standardized framework for security assessment, authorization, and continuous monitoring of cloud products and services.

FSCAC Appointment Includes New Chair and Three Members

Along with Josh Krueger's appointment, Lawrence Hale, the deputy assistant commissioner within the Office of Information Technology Category Management for GSA's Federal Acquisition Service, will serve as the new chair of the FSCAC. In this capacity, Hale will act as a liaison and spokesperson for the committee's work products, in addition to his oversight responsibilities. Josh Krueger, and Kayla Underkoffler, the lead security technologist of HackerOne, will fill the vacant seats. Krueger's term will run through July 9, 2026, while Underkoffler's term will end on May 14, 2025. Carlton Harris, the senior vice president of End to End Solutions, has been appointed as the third new member of the FSCAC, with a three-year term ending on May 14, 2027. While not among the recent appointees, Michael Vacirca, a senior engineering manager at Google, has been reappointed to the federal panel for a full three-year term after serving for one year. His term will conclude on May 14, 2027. As an appointed Representative Member of the FSCAC, Mr. Josh Krueger is expected to bring unique perspectives towards the delivery of FedRAMP's Compliance-as-a-Service solutions. The role at the committee will involve representing the needs and viewpoints of businesses both small and large in the cloud-computing industry, and ensuring their interests are considered in the federal discussions and strategies around cloud adoption.

Responsibilities of the Federal Secure Cloud Advisory Committee

The FSCAC was formed by the General Services Administration in February 2023, in compliance with the FedRAMP Authorization Act of 2022, which is part of the National Defense Authorization Act for fiscal year 2023. The committee's primary responsibilities include advising and providing recommendations to the GSA Administrator, the FedRAMP Board, and various agencies on technical, financial, programmatic, and operational matters related to the secure and effective adoption of cloud computing products and services across different sectors. The committee also plays a significant role in examining the operations of FedRAMP, seeking ways to continually improve authorization processes, and collecting information and feedback on agency compliance with the implementation of FedRAMP requirements. Additionally, the FSCAC serves as a forum for communication and collaboration among all stakeholders within the FedRAMP community. The FSCAC will hold an open meeting on May 20th to discuss its next priorities, which are expected to further enhance the security and adoption of cloud computing solutions across the federal government. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Preliminary numbers show a nearly 4 percent decrease in deaths from opioids, largely fentanyl, but a rise in deaths from meth and cocaine.

© Erin Schaff/The New York Times

Automakers in the United States and their supporters welcomed President Biden’s tariffs, saying they would protect domestic manufacturing and jobs from cheap Chinese vehicles.

© Aly Song/Reuters

The Federal Energy Regulatory Commission approved the biggest changes in more than a decade to the way U.S. power lines are planned and funded.

© Renaud Philippe for The New York Times

The storm interfered with navigational systems used in tractors and other farming equipment, leaving some farmers temporarily unable to plant their crops.

© Tiffany Graham

Advertisers of merchandise for young girls find that adult men can become their unintended audience. In a test ad, convicted sex offenders inquired about a child model.

© Illustration by Amir Hamja/The New York Times

An unidentified threat actor known as "pwns3c" has offered access to a database purported to contain sensitive data and documents from a City of New York data breach for sale on BreachForums. The City of New York website offers official digital representation of the city's government as well as access to related information such as alerts, 311 services, news, programs or events with the city. The claims made in the post, despite its alleged nature raises significant concerns about the extent of the data breach as well as the security practices followed by the government office.

Alleged City of New York Data Breach Claimed to Include Sensitive Data

The stolen database is allegedly stated to include 199 PDF files, approximately 70MB in size in total. The exposed data includes a wide range of personally identifiable information (PII), such as: Licensee Serial Number, Expiration Date, Applicant or Licensee Name, Trade Name, Street Address, City, Zip Code, Phone Number of Applicant, and Business Email of Applicant. Moreover, the data also reveals sensitive details about building owners, attorneys, and individuals, including their EIN, SSN, and signature. The threat actor is selling this sensitive information for a mere $30, and interested buyers are instructed to contact them through private messages within BreachForums or through their Telegram handle. The post seemingly includes links to download samples of the data allegedly stolen in the attack. [caption id="attachment_68084" align="alignnone" width="1872"] Source: BreachForums[/caption] The alleged data breach has far-reaching implications, as it puts the personal information of numerous individuals at risk. The leak of personally identifiable information (PII) and sensitive documents exposes individuals to potential risks of identity theft, fraud, and other malicious activities. The Cyber Express team has reached out to the New York City mayor's official press contact email for confirmation. However, no response has been received as of yet.

pwns3c Earlier Claimed to have Hacked Virginia Department of Elections

In an earlier post on BreachForums, pwns3c claimed an alleged data breach against the Virginia Department of Elections, compromising of at least 6,500 records. The earlier stolen data was also offered for USD 30 in Bitcoin (BTC), Litecoin (LTC), or Monero (XMR) on the dark web. The Virginia Department of Elections is responsible for providing and overseeing open and secure elections for the citizens of the Commonwealth of Virginia. It is responsible for voter registration, absentee voting, ballot access for candidates, campaign finance disclosure and voting equipment certification in coordination with about 133 of Virginia's local election offices. The compromised data was allegedly stated to have included sensitive information such as timestamps, usernames, election data, candidate information, and voting method details. However, there has been no official confirmation of the stated incident as of yet. The breaches claimed by pwns3c, despite their alleged nature highlight the persistent challenges of securing the websites of government institutions. The sensitive nature of the stolen data that may allegedly include Social Security Numbers (SSNs), contact information, election-related details, and signatures, underscores the urgency for government websites to strengthen their security measures. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The best weather conditions for viewing the colorful light display will be in much of the West while New England was “a question mark,” a forecaster said.

© Blake Benard/Getty Images

The gasoline-powered Malibu was the last sedan sold by Chevrolet, the General Motors brand, in the United States.

© Michael Brochstein/SOPA Images, via LightRocket, via Getty Images

Beijing’s dominance raises economic and security concerns, and tensions will be high as top climate diplomats meet this week.

© Agence France-Presse — Getty Images

Brandywine Realty Trust issued a recent filing to the US Securities And Exchange Commission (SEC), where it confirmed that an unauthorized third-party had gained access to portions of its internal network. The Brandywine Realty Trust data breach is stated to have affected the functioning of some of its internal systems, following preventative measures as part of the firm's incident response plan. Brandywine Realty Trust is one of the largest publicly traded real estate companies in the United States with a primary focus in the Philadelphia, Texas and Austin markets. The firm is organized as a real estate investment trust and manages 69 properties comprising of 12.7 million square feet in land spanning multiple states. Upon detecting the intrusion, the trust initiated its response protocols and took steps to contain affected systems, assess the extent of the attack and move towards remediation. Investigative efforts were held together with external cybersecurity professionals, while details were shared with law enforcement.

Brandywine Realty Trust Data Breach Disrupted Trust's Operations

The filing reveals that along with unauthorized access to its internal systems, the attack also involved the  encryption of some of the company's internal resources. The encryption process disrupted access to portions of the company’s business applications responsible for several of the company's internal and corporate functions, including its financial and reporting systems. The company disclosed that certain files were stolen during the attack, but that it is still working on determining the extent of sensitive and confidential information accessed during the intrusion into its IT systems, and establishing if any personal information had been accessed. However, the company believes that the intrusion had been been contained from spreading further into its systems and stated that it is working diligently to restore its IT systems back online. The Company is also  evaluating if any additional regulatory and legal notifications are required after facing the incident and will issue appropriate notifications according to its findings.

Perpetrator Behind Brandywine Realty Trust Data Breach Unknown

The company is known to have rented out commercial properties to various prominent firms, with its biggest tenants including IBM, Spark Therapeutics, Comcast, and the FMC Corporation. However, the attack comes during a recent period of increased ongoing volatility in the office commercial space with  Brandywine recently cutting down its quarterly dividend, from 19 cents to 15 cents a share, for the first time since 2009. In an recent interview, the company's CEO acknowledged “turbulent times” in commercial real estate space and the company aimed at covering its “danger points.” He added the company has plenty of cash and available credit, while noting that compared to its peers, the firm had a substantially lower number of leases set to expire over the next few years.

Recent studies cast doubt on whether large-scale mental health interventions are making young people better. Some even suggest they can have a negative effect.

© Sandra Mickiewicz for The New York Times

New research finds that the death rate among Black youths soared by 37 percent, and among Native American youths by 22 percent, between 2014 and 2020, compared with less than 5 percent for white youths.

© Carolyn Kaster/Associated Press

The automaker led by Elon Musk is no longer planning to take the lead in expanding the number of places to fuel electric vehicles. It’s not clear how quickly other companies will fill the gap.

© Lauren Justice for The New York Times

America’s adversaries have mounted online campaigns to amplify the social and political conflicts over Gaza flaring at universities, researchers say.

© Amir Hamja/The New York Times

Several lawmakers questioned whether the company had become so large — with tentacles in every aspect of the nation’s medical care — that the effects of the hack were outsize.

© Ting Shen for The New York Times

The carmaker dismissed 500 employees in a unit that was critical to its success and seen as important to the future of electric vehicle sales in the United States.

© Philip Cheung for The New York Times

An effort to protect 30 percent of land and waters would count some commercial fishing zones as conserved areas.

© Karsten Moran for The New York Times

With more than 2 billion voters ready to cast a vote this year across 60 plus nations -including the U.S., U.K. and India - Russian state hackers are posing the biggest cyber threat to election security, researchers said. Google-owned Mandiant in a detailed report stated with “high confidence” that Russian state-sponsored cyber threat activity poses the greatest risk to elections in regions with Russian interest.

“Multiple Russian groups have targeted past elections in the U.S., France, and Ukraine, and these groups have continued to demonstrate the capability and intent to target elections both directly and indirectly,” Mandiant said.

Why Russia is the Biggest Cyber Threat to Election Security

Russia's approach to election interference is multifaceted, blending cyber intrusion activities with information operations aimed at influencing public perceptions and sowing discord. State-sponsored cyber threat actors, such as APT44, better known as the cyber sabotage unit Sandworm, and APT28 have a history of targeting elections in the U.S., and Europe. These actors employ hybrid operations, combining cyber espionage with hack-and-leak tactics to achieve their objectives. The 2016 U.S. presidential election is a prime example of Russia's cyber interference capabilities, as per Mandiant. APT28, linked to Russia intelligence unit - the GRU, compromised Democratic Party organizations and orchestrated a leak campaign to influence the election's outcome. Similarly, in Ukraine, APT44 conducted disruptive cyber operations during the 2014 presidential election, aiming to undermine trust in the electoral process. Jamie Collier, Mandiant senior threat intelligence advisor said, “One group to watch out for is UNC5101 that has conducted notable hybrid operations in the past.” Mandiant reports UNC5101 engaging in cyber espionage against political targets across Europe, Palestinian Territories, and the U.S. The actor has also used spoofed Ukrainian government domains to spread false narratives directly to government employees' inboxes. Before Russia's 2023 and 2024 elections, UNC5101 registered domains related to opposition figures like Alexei Navalny and conducted likely information operations to deceive voters. Russian state-aligned cyber threat actors target election-related infrastructure for various reasons including applying pressure on foreign governments, amplifying issues aligned with Russia's national interests, and retaliating against perceived adversaries. Groups like APT28 and UNC4057 conduct cyber espionage and information operations to achieve these objectives, Mandiant said.

Beijing’s Interest in Information Operations

Collier noted that state threats to elections are far more than just a Russia problem.

“For instance, we have seen pro-China information operations campaigns carry out election-related activity in the US, Taiwan, and Hong Kong,” Collier said.

China's approach to election cybersecurity focuses on intelligence collection and influence operations that promote narratives favorable to the Chinese Communist Party (CCP). State-sponsored actors like TEMP.Hex have targeted elections in Taiwan, using cyberespionage to gather critical information and using information operations to shape public discourse, Mandiant’s analysis found. In the lead-up to Taiwan's 2024 presidential election, Chinese threat actors intensified cyber espionage activities, targeting government, technology, and media organizations. Concurrently, pro-PRC information operations sought to discredit candidates perceived as unfriendly to China, using fabricated leaks and disinformation campaigns to sway public opinion, which even the Taiwanese government confirmed.

Watch-Out for Iran’s Espionage and Influence Campaigns

Iranian state hackers are another group of threat actors to keep an eye on for their cyber espionage and influence campaigns, Mandiant noted.

“[Irans’s] campaigns will rise as elections approach in key nations of interest to the Islamic Republic, such as counterparts in the currently stalled nuclear negotiations, and countries offering support to Israel during current fighting in Gaza,” Mandiant said.

During the 2020 U.S. presidential election, Iran attempted to compromise state voter registration websites and disseminate false information. The U.S. Department of Justice charged two Iranian nationals in 2021 for their involvement in this campaign. Pro-Iranian influence campaigns, including Liberty Front Press and Roaming Mayfly, target global audiences with anti-U.S. and anti-Israeli propaganda, amplifying partisan divisions and fostering distrust in democracies, Mandiant said.

Diverse Targets Multiple Vectors

Securing elections requires protecting not only voting machines and voter registries but also a wide range of entities involved in the electoral process. Political parties, news media, and social media platforms are frequent targets of cyber operations, which also comes under the attack surface of elections. [caption id="attachment_65433" align="aligncenter" width="551"] Credit: Mandiant[/caption] Cyber threat actors are increasingly employing hybrid operations, combining multiple tactics to amplify their impact. Examples from past elections, such as the Ukrainian presidential election in 2014, illustrate how they are using a combination of cyber intrusions, data leaks, and DDoS attacks to disrupt electoral processes. Owing to this Mandiant detailed likely threat vectors that could be used in the upcoming election season: [caption id="attachment_65432" align="aligncenter" width="819"] Credit: Mandiant[/caption] The threats posed by Russian, Chinese, and Iranian state actors to election cybersecurity are complex and multifaceted. By understanding the tactics and objectives of these actors, election organizations can develop effective mitigation strategies to safeguard democratic processes. However, addressing these threats requires a concerted effort involving international cooperation and a commitment to upholding the integrity of democratic elections worldwide. In-line with this, the U.S. agencies recently released guidance to defending the integrity of democratic processes. The guidance extensively details common tactics seen in foreign malign influence operations, offering real-world instances and suggesting possible countermeasures for stakeholders in election infrastructure. Though many of these tactics aren't new, the widespread use of generative artificial intelligence (AI) has notably amplified adversaries' ability to produce and spread persuasive malicious content, the guidance said. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The early results suggest that pasteurization is killing the H5N1 virus in milk, something that regulators were not certain of.

© Justin Sullivan/Getty Images

The National Highway Safety Administration also released an analysis of crashes involving the system that showed at least 29 fatal accidents over five and a half years.

© Hannah Yoon for The New York Times

ByteDance owns both TikTok and Douyin, and although TikTok has more users around the world, Douyin is the company’s cash cow and a China mainstay.

The Biden administration has expressed growing alarm that efforts to fight climate change could falter unless the electric grids are quickly expanded.

© Nina Riggio for The New York Times

Animal-welfare science tries to get inside the minds of a huge range of species — in order to help improve their lives.

New research questions the long-held theory that reintroduction of such a predator caused a trophic cascade, spawning renewal of vegetation and spurring biodiversity.

© Diane Renkin/National Park Service

H5N1, an avian flu virus, has killed tens of thousands of marine mammals, and infiltrated American livestock for the first time. Scientists are working quickly to assess how it is evolving and how much of a risk it poses to humans.

© Sebastian Castaneda/Reuters

Homeownership is not the boon to older Americans that it once was.

© Kelly Burgess for The New York Times

Lawmakers raising national security concerns and seeking to disconnect a major Chinese firm from U.S. pharmaceutical interests have rattled the biotech industry. The firm is deeply involved in development and manufacturing of crucial therapies for cancer, cystic fibrosis, H.I.V. and other illnesses.

The state’s Supreme Court ruled that the 1864 law is enforceable today. Here is what led to its enactment.

© Rebecca Noble/Reuters

Internet traffic dropped by 40 percent or more during the eclipse in states in the path of totality, including Maine, New Hampshire and Ohio, Cloudflare found.

© Madeleine Hordinski for The New York Times

A rarely used technique to upgrade old power lines could play a big role in fixing one of the largest obstacles facing clean energy, two reports found.

© Jim Wilson/The New York Times

Using artificial intelligence, middle and high school students have fabricated explicit images of female classmates and shared the doctored pictures.

© Shuran Huang

Across parts of the United States, Mexico and Canada, would-be eclipse-gazers are on the move for what could be a once-in-a-lifetime event.

© Todd Heisler/The New York Times

As medical practices owned by private equity firms fuel overbilling, a payment tool also backed by such investors helps insurers boost their profits.

© Madeleine Hordinski for The New York Times

The automaker said it would delay new battery-powered models and shift its focus to hybrid cars, sales of which are rising fast.

© Sylvia Jarrus for The New York Times

The video app is spending millions on ads as Congress considers a bill that could lead to a U.S. ban.

© Daniel Dorsa for The New York Times

Sales of the company’s electric cars dropped in the first three months of the year, even as other automakers sold more battery-powered vehicles.

© Philip Cheung for The New York Times

China has adopted some of the same misinformation tactics that Russia used ahead of the 2016 election, researchers and government officials say.

© Alice Lagarde

Tesla and China built a symbiotic relationship, with credits, workers and parts that made Mr. Musk ultrarich. Now, his reliance on the country may give Beijing leverage.

© Aly Song/Reuters

Silicon Valley chiefs are swarming the Capitol to try to sway lawmakers on the dangers of falling behind in the artificial intelligence race.

© Jason Andrew for The New York Times