{
	"id": "d056d96e-13e1-414f-943a-549a67ed5f70",
	"created_at": "2026-05-01T03:09:09.447621Z",
	"updated_at": "2026-05-01T03:10:50.570056Z",
	"deleted_at": null,
	"sha1_hash": "bbfb3bc935fdbfba9d224ffb718f13779ec34d5b",
	"title": "Cyber Security News: Cyber Trust label, UK deepfake laws, Treasury attack details",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 144932,
	"plain_text": "Cyber Security News: Cyber Trust label, UK deepfake laws,\r\nTreasury attack details\r\nBy Rich Stroffolino\r\nPublished: 2025-01-08 · Archived: 2026-05-01 02:06:31 UTC\r\nCyber Trust marks to roll out in 2025\r\nIn 2023, the White House launched an initiative to add Cyber Trust labels to retail packaging for connected\r\ndevices. This was compared to the equivalent of Energy Star certification to indicate a consumer baseline of\r\ncybersecurity best practices. The FCC unanimously approved the label in March. Now, White House officials say\r\nthe label will start appearing on consumer devices this year. Deputy National Security Adviser for Cyber Anne\r\nNeuberger said an upcoming executive order will mandate that the federal government only purchase devices with\r\nthe Cyber Trust label as of 2027. The program will go off NIST cybersecurity criteria and inform users how long\r\ncompanies plan to provide software updates at the point of purchase. CISA, the FCC, and the Department of\r\nJustice will collaborate to oversee and enforce the program.\r\n(The Record)\r\nUK to criminalize sexually explicit deepfakes\r\nhttps://cisoseries.com/cyber-security-news-cyber-trust-label-uk-deepfake-laws-treasury-attack-details/\r\nPage 1 of 4\n\nThe UK already criminalized the publishing of intimate media meant to cause distress without consent, aka\r\nrevenge porn, back in 2015. But that only accounted for actual images, not machine-generated ones. The British\r\ngovernment announced it will make creating and sharing explicit deepfake media that represents a real likeness a\r\ncrime, punishable with up to two years in prison. The government also said it will increase scrutiny on tech\r\nplatforms hosting these images. The Revenge Porn Helpline found that digitally altered revenge porn images have\r\nincreased by over 400% since 2017. \r\n(Reuters)\r\nCISA says government hack limited to Treasury\r\nLast week, the US Treasury Department informed lawmakers that state-sponsored Chinese threat actors breached\r\nits systems in a “major cybersecurity incident” through its remote support provider BeyondTrust.” After an\r\ninvestigation, CISA announced it found no signs of the breach impacting any other federal agencies. CISA said it\r\nwill continue to monitor the response to the attack and coordinate with “relevant federal authorities” as needed.\r\nInvestigators are still looking into the full scope of the Treasury attack but said there was no evidence the threat\r\nactors maintained access after the Treasury terminated its BeyondTrust instance. \r\n(Bleeping Computer)\r\nPhilippines targeted by Chinese threat actors\r\nBloomberg’s sources say Chinese state-sponsored actors orchestrated a yearlong campaign to penetrate systems of\r\nthe Philippines’ executive branch, stealing “sensitive” data. However, Department of Information and\r\nCommunications Technology Secretary Ivan Uy said the attacks did not compromise current data but did obtain\r\n“old data from many years ago.” Uy said his department deals with thousands of breach attempts against the\r\ngovernment daily and challenges the threat actors to publish details if they obtained relevant data. \r\n(Bloomberg, PhilStar)\r\nHuge thanks to our sponsor, Nudge Security\r\nNudge Security provides advanced security posture management for Okta, Microsoft 365, and\r\nGoogle Workspace. With Nudge, you’ll be alerted of identity security risks like weak or missing\r\nMFA, inactive admin accounts, and risky integrations, plus you can automate remediation tasks and\r\non-going identity governance. Start a free 14-day trial today\r\n2,000 attacks launched against critical infrastructure\r\nhttps://cisoseries.com/cyber-security-news-cyber-trust-label-uk-deepfake-laws-treasury-attack-details/\r\nPage 2 of 4\n\nTemple University’s Department of Criminal Justice maintains the Critical Infrastructure Ransomware Attacks\r\ndatabase, or CIRA. Operating since 2013, the database now holds details on over 2,000 different attacks, with\r\n45% added since February 2022. Government facilities, healthcare, public health, and education facilities were the\r\nmost commonly targeted in the last two years. While attacks on water infrastructure got a lot of attention, they\r\nwere among the least targeted. The database also shows ransom amounts increasing, with attacks requisitioning a\r\n$5 million or more ransom up 42% over the last two years. The entire dataset is available upon request from\r\nCIRA.  \r\n(Security Week)\r\nDefense Department ties Tencent to the Chinese military\r\nThe US Defense Department formally added Tencent, the parent company of the massively popular Chinese\r\nmessaging app WeChat, to a list of companies with ties to aiding and supplying the Chinese military, which could\r\npose a security risk to the US. While this designation doesn’t impose direct bans or sanctions, it does add\r\nconsiderable risk to Western companies doing business with it. Any sanctions would come from the Treasury. The\r\nDefense Department also added the firm CATL, the world’s largest EV battery maker, to the list. \r\n(Reuters)\r\nWashington sues T-Mobile over data breach\r\nBack in 2021, T-Mobile disclosed that a brute force attack on its corporate network resulted in a data leak\r\nimpacting 79 million people across the US. It took T-Mobile six months to discover the malicious activity when\r\ndata began appearing on hacking forums. Washington Attorney General Bob Ferguson filed a lawsuit against the\r\ntelco, claiming it misrepresented its cybersecurity capabilities. The lawsuit also criticized T-Mobile for not telling\r\ncustomers that specifically had Social Security numbers stolen and for sending brief and incomplete text message\r\nalerts about the breach. The lawsuit seeks a court order for T-Mobile to strengthen its cybersecurity practices and\r\nfinancial penalties under the Consumer Protection Act.  \r\n(Bleeping Computer)\r\nAviation agency investigating breach claims\r\nIn a post of BreachForums 2, the account “Natohub” claimed it compromised 42,000 documents from the UN’s\r\nInternational Civil Aviation Organization (ICAO), supposedly containing personal records of staff and others\r\nworking with the agency. ICAO did not confirm it suffered a breach but said it was “actively investigating reports\r\nof a potential information security incident.” The Natohub account doesn’t have an extensive track record of leaks,\r\nbut also made the unsubstantiated claim that it accessed personal data on thousands of UN delegates last month. \r\n(The Record)\r\nGreen Bay Packers’ online store sacked by threat actors\r\nhttps://cisoseries.com/cyber-security-news-cyber-trust-label-uk-deepfake-laws-treasury-attack-details/\r\nPage 3 of 4\n\nThe American football team notified customers that a threat actor injected a card-skimming script into its official\r\nonline store sometime between late September and early October 2024. The team learned of the skimmer on\r\nOctober 23rd from the Dutch e-commerce security company Sansec. It immediately disabled checkouts and\r\npayment systems while investigating the issue. The skimmer could only steal information of customers paying\r\ndirectly with a payment card. Customers using gift cards, PayPal, and Amazon Pay were not impacted. No word\r\non how many customers the attack impacted, but the team will offer all victims three years of credit monitoring\r\nservices. \r\n(Bleeping Computer)\r\nSource: https://cisoseries.com/cyber-security-news-cyber-trust-label-uk-deepfake-laws-treasury-attack-details/\r\nhttps://cisoseries.com/cyber-security-news-cyber-trust-label-uk-deepfake-laws-treasury-attack-details/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://cisoseries.com/cyber-security-news-cyber-trust-label-uk-deepfake-laws-treasury-attack-details/"
	],
	"report_names": [
		"cyber-security-news-cyber-trust-label-uk-deepfake-laws-treasury-attack-details"
	],
	"threat_actors": [],
	"ts_created_at": 1777604949,
	"ts_updated_at": 1777605050,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bbfb3bc935fdbfba9d224ffb718f13779ec34d5b.pdf",
		"text": "https://archive.orkl.eu/bbfb3bc935fdbfba9d224ffb718f13779ec34d5b.txt",
		"img": "https://archive.orkl.eu/bbfb3bc935fdbfba9d224ffb718f13779ec34d5b.jpg"
	}
}