News Week Ending May 22, 2022

New Cybercrime Reporting Rules
by Artie Kaye

Reporting cybercrimes is going to be mandatory for specific entities in the near future thanks to the Cyber Incident Reporting for Critical Infrastructure Act of 2022.  The basics of this are that if your company falls under the umbrella of this law, it will be required to report certain intrusions into its networks within 72 hours of it happening, and if any payment is made as a result of a ransomware attack a report must be filed within 24 hours of the payment.  What is still unknown is which entities are going to be covered by this, what needs to be reported, and how they need to be reported.  These finer details are going to be addressed in the coming months by the CISA, and nothing will go into effect until they’ve given the guidelines.  If you work with the government, it would be advisable to learn about the Act and keep tabs on its implementation going forward.

Mitel Software Vulnerable to Attack
by Artie Kaye

A DDoS exploit was found in software made by Mitel, exponentially worse than any previous vector for these attacks.  Mitel has patched the software which includes MiCollab and MiVoice.  If you’re using this software, update it.  DDoS attacks can render a website or service unreachable and are normally guarded against by a service like CloudFlare.  Your firewalls can be very helpful too.  If you’re concerned about DDoS attacks or believe you’re experiencing them, please call your support and discuss the concerns with them.

The flaw is listed as CVE-2022-26143.