SecurityWeek reports that the Cybersecurity and Infrastructure Security Agency has updated its Infrastructure Resilience Planning Framework with new tools and recommendations aimed at helping state, local, tribal, and territorial organizations strengthen critical infrastructure resiliency amid increasing threats.
CISA has integrated new critical infrastructure identification tools within the updated framework's Datasets for Critical Infrastructure Identification guide.
"This dataset provides users with guidance on how and where to find publicly accessible geospatial information system (GIS) on critical infrastructure assets via the Homeland Infrastructure Foundation-Level Data (HIFLD) site, as well as several other GIS sites," said CISA, which has also introduced updated drought resilience information in the framework.
CISA Infrastructure Security Director David Mussington said that the new additions would bolster planning for future threats.
"Our collaborative approach with industry and interagency partners enabled CISA to improve the IRPF, which will help the SLTT planning community reduce risks and strengthen resilience," Mussington added.
Ukrainian hacktivist operation IT Army has taken responsibility for a significant distributed denial-of-service attack against Russian local airline booking system Leonardo, which is used by over 50 Russian carriers, according to The Record, a news site by cybersecurity firm Recorded Future.
New attacks with the updated SysUpdate toolkit have been deployed by Chinese advanced persistent threat operation Budworm, also known as APT27, Emissary Panda, Bronze Union, Lucky Mouse, Iron Tiger, and Red Phoenix, against an Asian government and a Middle East-based telecommunications provider, reports The Hacker News.
Forty-five malicious NPM and PyPI packages have been deployed by threat actors to facilitate extensive data theft operations as part of a campaign that commenced on Sept. 12, according to BleepingComputer.