On April 7th, Direct iT attended the NDIA’s informative session on Zero Trust and CMMC 2.0 at Northeastern University’s Innovation Campus in Burlington, MA. Many people deeply involved in CMMC 2.0 traveled from all around the country to participate, including Stacy Bostjanick, head of the CMMC program in the Office of the DoD CIO, who gave a fascinating talk.
April 2022 CMMC 2.0 Updates and Discussions After NDIA Session
DOJ Announces First “False Claims Act” Case
Towards the end of 2021, the Department of Justice unveiled its plans to use the False Claims Act to enforce federal contractual cyber-security requirements. In early March, it announced "the first resolution of a False Claims Act case involving cyber fraud since the launch of the department's Civil Cyber-Fraud Initiative", according to an announcement posted on the agency's website.
9.5% of Top Mobile Apps Carry Russian Tracking
While Google and Bing are the most popular search engines in most English-language countries, Russian-language speakers use Yandex. Last month, the Financial Times reported that Yandex's Appmetrica, a "real-time ad tracking and mobile apps analytics solution" which is integrated into Android and iOS apps, has the ability to send a user's metadata to a database accessible by the Kremlin.
FTC Files Complaint Against Intuit
The Federal Trade Commission announced at the end of March that it will be taking action against Intuit Inc., whose products include software such as TurboTax, Mint, and QuickBooks, for what it is calling "deceptive" advertising practices.
According to an Administrative Complaint filed against the company, "Much of Intuit’s advertising for TurboTax conveys the message that consumers can file their taxes for free using TurboTax, even going so far as to air commercials in which almost every word spoken is the word 'free.
Tewksbury Victim to Phishing Scam
According to WHDH 7News, the town of Tewksbury is trying to get more than $100,000 back after a threat actor posing as a vendor successfully tricked a town employee.
According to Town Manager Richard Montuori, what appeared to be a normal vendor e-mail asking about payment of authorized invoices in fact came from a spoofed e-mail address.
Hackers Halt Family Reunification Efforts
Hackers have scooped the data of more than 515,000 people from the Red Cross, according to a press release by the organization mid-January. According to the International Committee of the Red Cross, the information obtained includes confidential and personal identifying information of "highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention.
Romance and Investment scams top Social Engineering in 2021
The amount of total losses through fraud originating on social media is now 19 times higher than it was just five years ago in 2017, according to a Consumer Protection Data Spotlight published by the Federal Trade Commission on Jan 25.
According to the report, "More than 95,000 people reported about $770 million in losses to fraud" from threat actors using social engineering through social media in 2021.
The FTC explains that social media is a low-cost strategy.
Governor Files FY2023 Massachusetts Budget Proposal
US Government “Initiates the widest empowerment and expansion of CISA through legislation since the SolarWinds incident”
The next step in critical infrastructure cybersecurity defense now begins as Joe Biden, like modern presidents before him, signed the National Defense Authorization Act of 2022 into law at the end of last month.
Sections 861-867 focus on Small Businesses, including committing the Department of Defense to analyze and review how their Cybersecurity Maturity Model Certification (CMMC) can work for small businesses.
2021 Sees More Scam Calls Than Ever Before
Almost a quarter of Americans (23%) have reported losing money to a phone scam in the past year, according to the Truecaller Insights US Spam & Scam Report 2021. The actual percentage of people who have fallen for a scam, whether or not they've given money, is 31%.
Truecaller estimates that in total, Americans lost $29.8 billion, with an average loss of $502. Truecaller adds that 60% of these calls were robocalls rather than actual humans.