Quick facts
1. The national standard "Information Security Technology Storage Media Data Recovery Service Security Specification" is publicly solicited for opinions
2. Beijing High-Level Autonomous Driving Demonstration Zone Data Classification and Grading White Paper 2.0 is released
3. The important information system data of a unit in Tianjin was seriously tampered with, and the local police A fine of 70,000 yuan was imposed.
4. Ukrainian hackers invaded the Russian aviation giant and stole more than 4.1 billion passenger information.
5. Offered $51 million! The international automation giant Johnson Controls was attacked by ransomware, causing some operations to be interrupted
6. The Academy of Information and Communications Technology released the "White Paper on Data Elements (2023)"
Policy news of the week
The national standard "Information Security Technology Storage Media Data Recovery Service Security Specification" is publicly soliciting opinions. On
September 28, 2023, the National Information Security Standardization Technical Committee issued a notice that the national standard "Information Security Technology Storage Media Data Recovery Service Security Specification" has now been formed. Standards Exposure Draft. In accordance with the requirements of the "Working Procedures for the Standard Development and Revision of the National Information Security Standardization Technical Committee", the draft of the standard is now open to the public for comments.
If you need to obtain file details, please leave a message "get it" in the comment area, and Xiao Ming will provide you with relevant information as soon as possible.
Information source: National Information Security Standardization Technical Committee https://www.tc260.org.cn/front/bzzqyjDetail.html?id=20230928103632&norm_id=20221102094529&recode_id=53118
A quick look at industry news
Beijing High-Level Autonomous Driving Demonstration Zone Data Classification and Grading White Paper 2.0 Released On
September 22, the Beijing High-Level Autonomous Driving Demonstration Zone Work Office (hereinafter referred to as the "Municipal Autonomous Driving Office") officially released it at the 2023 World Intelligent and Connected Vehicles Conference "Beijing High-Level Autonomous Driving Demonstration Zone Data Classification and Grading White Paper 2.0" (hereinafter referred to as "White Paper 2.0") fully reflects the results of industrial innovation governance and forward-looking application practices, and provides Beijing with accelerating the formation of an open, comprehensive, and iterative data security governance system. References and Experience.
If you need to obtain the above white paper, please leave a message "Data Classification and Grading White Paper" in the comment area, Xiao Mingge will provide you with relevant information as soon as possible.
Source: Beijing High-level Autonomous Driving Demonstration Zone https://mp.weixin.qq.com/s/2KgnrFmLemKZDsZTb7DfHQ
The important information system data of a unit in Tianjin was seriously tampered with, and the local police imposed a fine of 70,000 yuan.
Some time ago, the Network Security Detachment of Nankai Branch of Tianjin Public Security Bureau received a clue: the important information system data of a unit within its jurisdiction has been maliciously tampered with, seriously endangering network security!
The Nankai Branch Network Security Detachment inspected the unit's institutional documents on-site, and after comparison and analysis, found that the information system used by the unit's operations had multiple problems: First, the technical measures to prevent network intrusion were imperfect, and there were problems within the physical network environment
. Monitoring vulnerabilities;
second, the network logs that monitor and record network operation status are less than 6 months old;
third, regarding risks such as security flaws and vulnerabilities, the unit did not take immediate remedial measures or report to relevant departments, and the information system continued to "bring "Disease" operation has given criminals an opportunity to take advantage of it.
In accordance with the provisions of Articles 21 and 59 of the "Cybersecurity Law of the People's Republic of China", the Nankai Branch imposed administrative penalties on the unit and relevant managers of RMB 50,000 and RMB 20,000 respectively.
Source: Cyber Security Bureau of the Ministry of Public Security https://mp.weixin.qq.com/s/teT0DKSTEZKM65TTf0P6qw
Ukrainian hackers hacked into the Russian aviation giant and stole more than 4.1 billion passenger information
Ukrainian hackers claimed to have broken into the database of the Russian company Sirena-Travel. The database contains information on hundreds of millions of air trips as well as passenger insurance and other personal data. News about the hack was posted on the Telegram channel of hacker community KibOrg. They claimed Muppets were behind the hack.
Hackers said that these two databases contained 3.5 billion passenger phone number records and 664.6 million personal information records (including flight numbers, routes, fares, ticket prices, etc.), and a total of 4.1646 billion passenger data were stolen. These data Covers the period 2007 to 2023.
Serena Travel is Russia's largest airline, providing ticket booking and sales, cultural and entertainment venues, insurance policy registration and other services. The company operates the country's first accredited air distribution system (ADS) "Sirena Travel", which was developed based on the recommendations of IATA (International Air Transport Association (IATA)) and provides agencies with an interface for booking and selling air tickets, and Provides airlines with tools to manage and control seat resources.
Source: E Security https://mp.weixin.qq.com/s/80wApqMaq_ID_4dtLWBv0Q
The asking price is $51 million! International automation giant Johnson Controls was hit by a ransomware attack that disrupted some operations.
Johnson Controls International was hit by what it called a massive ransomware attack that encrypted many of the company's devices, including VMware ESXi servers, affecting the company and its subsidiaries. Operations of the Company. Johnson Controls is a global leader in smart buildings, committed to creating safe, healthy and sustainable spaces. With a history of more than 140 years, Johnson Controls mainly develops and manufactures industrial control systems, safety equipment, air conditioning and fire safety equipment for healthcare, Schools, data centers, airports, stadiums, hotels, manufacturing and other industries provide a blueprint for the future.
The attack resulted in technical issues for several subsidiaries including York, Simplex and Ruskin, as evidenced by technical outage messages displayed on their respective website login pages and customer portals.
However, Johnson Controls has yet to issue an official statement on the incident.
Since this year, international automation giants such as Schneider Electric, Siemens Energy, ABB, and Honeywell have been attacked by ransomware. The "reverberation" of attacks on industrial automation manufacturers is likely to linger for months.
Source: Internet chat plus https://mp.weixin.qq.com/s/qNQAFLUUhu0UdmoKvTdGdQ
The Academy of Information and Communications Technology released the "White Paper on Data Elements (2023)"
On September 26, 2023, the China Academy of Information and Communications Technology released the "Data Elements White Paper (2023)" at the "2023 Data Elements Development Conference". He Baohong, Director of the Institute of Cloud Computing and Big Data of the China Academy of Information and Communications Technology, reviewed the white paper. In-depth interpretation.
Based on the "White Paper on Data Elements (2022)", the white paper further explores the theoretical understanding of data elements, focusing on new models, new business formats, and new hot spots that have emerged in the process of exploring data elements in the past year, focusing on resources, entities, and markets. , The development of the four major aspects of technology is expected to provide valuable reference for all sectors of society to further participate in the practical exploration of data elements.
If you need to obtain the above-mentioned white paper, please leave a message "Data Elements White Paper" in the comment area, Xiao Mingge will provide you with relevant information as soon as possible.
Source: CAICT https://mp.weixin.qq.com/s/TJDxp0R91XNwvHYvF6WPBA
Source: The content pushed by this Security Weekly is collected and compiled from the Internet. It is only for sharing. It does not mean that you agree with its views or confirm the authenticity of its content. Some content was pushed without contacting the original author. If copyright is involved, If you have any questions, please contact us and we will delete it as soon as possible. Thank you!