Global Cyber Authorities Warn of Escalating Threat from Scattered Spider Group

In a joint cybersecurity advisory, authorities from the United States, Canada, the United Kingdom, and Australia have issued an urgent warning regarding the evolving tactics of the cybercriminal group known as Scattered Spider. This advisory comes from a coalition that includes the FBI, CISA, RCMP, NCSC-UK, ASD’s ACSC, CCCS, and the Australian Federal Police, reflecting the transnational scale and severity of the threat.

Scattered Spider—also tracked as UNC3944, Oktapus, Storm-0875, and Muddled Libra—has gained infamy for its brazen intrusions into commercial sectors, critical infrastructure, and IT service providers. The group’s attacks are marked by sophisticated social engineering, data theft, and ransomware extortion campaigns.

Accelerate together: Zero trust

Are you ready to accelerate zero trust at your agency?

“You have to be able to scale across hundreds of teams, thousands of workloads,” says AWS Principal Technologist Sean Phuphanich, when discussing how to make a zero trust architecture the foundation for modernization. “That’s really where a lot of the stumbling blocks come into play because then you’re dealing with a lot of different teams, different environments, different tools.”

Johnson Controls starts notifying people affected by 2023 breach

Building automation giant Johnson Controls is notifying individuals whose data was stolen in a massive ransomware attack that impacted the company’s operations worldwide in September 2023.

Johnson Controls is a multinational conglomerate that develops and manufactures industrial control systems, security equipment, HVAC systems, and fire safety equipment for buildings. The company employs over 100,000 people through its corporate operations and subsidiaries across 150 countries, reporting sales of $27.4 billion in 2024.

TSA seeks OMB approval to extend pipeline security and cyber incident reporting requirements

The U.S. Department of Homeland Security issued a 30-day notice that the Transportation Security Administration (TSA) has submitted an Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and approval. The request seeks to extend the current data collection related to pipeline security incidents, apart from the contact details of designated cybersecurity coordinators and their alternates.

A Proposal for a Zero-Trust-Based Multi-Level Security Model and Its Security Controls

The rapid advancement of technology and increasing data utilisation have underscored the need for new models to manage and secure big data effectively. However, the constraints of isolated network environments and the limitations of existing security frameworks hinder the adoption of cutting-edge technologies such as AI and cloud computing, as well as the safe utilisation of data. 

US House Approves Bill to Assess Security Threats Posed by Foreign-Made Routers

A new bill requiring the US Commerce Department to assess the national security risks associated with routers and modems controlled by adversarial nations is one step closer to becoming law after passing the House of Representatives.

The House passed the Removing Our Unsecure Technologies to Ensure Reliability and Security (ROUTERS) Act on April 28, advancing the legislation after it was cleared by the House Energy and Commerce Committee three weeks earlier.

Building a Zero Trust Federation

Zero trust is a security paradigm whose fundamental philosophy is that every access to a resource must be explicitly verified, without assuming trust based on origin or identity. In a federated environment composed of multiple domains, ensuring zero trust guarantees for accessing shared resources is a challenge, as information on requesters is generated by their originating domain, yet requires explicit verification from the domain owning the resource. 

China has stopped exporting rare earths to everyone, not just the U.S., cutting off critical materials for tech, autos, aerospace, and defense

After Trump unveiled his “Liberation Day” tariffs on April 2, China retaliated on April 4 with its own duties as well as export controls on several rare earth minerals and magnets made from them.

So far, those export controls have translated to a halt across the board, cutting off the U.S. and other countries, according to the New York Times.

Zero Trust Privacy Assessment and Guidance

This publication provides guidance on how to use Zero Trust in privacy implementation. It highlights the core principles of privacy and how they can align with a Zero Trust architecture, touching on privacy impact assessments (PIAs) as well. 

As the world increasingly digitizes, these recommendations become all the more critical. They aren’t just about protecting privacy. Zero Trust ensures that organizations identify, locate, process, and dispose of such data with the right level of security.
