Dateline Moscow, Kyiv, Beijing: Russia's war in Ukraine and the international reaction to it.
Ukraine at D+90: Steeling Russians for a big push in a long war. (The CyberWire) Russia pushes hard in the Donbas and tightens its blockade of Ukraine's Black Sea ports. Russian media steel the public for a long (but ultimately victorious) war as they ramp up official denials of any legitimate Ukrainian national identity. Chinese cyber espionage operations appear to continue against Russian targets. And Ukraine gets propaganda advice from the Lincoln Project: don't demonize Putin; razz him.
Russia’s invasion of Ukraine: List of key events, day 91 (Al Jazeera) As the Russia-Ukraine war enters its 91st day, we take a look at the main developments.
Russian forces move to encircle Severodonetsk and sever supply lines (Times) Russian forces were on the verge of encircling the Ukrainian city of Severodonetsk in the Donbas region last night in what is becoming the crucial battle of t
Russian troops plunge through Ukraine lines in Donbas as fighting enters decisive week (Military Times) This week will be a decisive one for Ukraine’s prospects of holding the region — and Russia’s chances of seizing it.
Too late to evacuate civilians in face of Russian attack, says Luhansk official (the Guardian) Sievierodonetsk under intense bombardment and surrounded on three sides by Russian forces
Russia-Ukraine latest news: Kremlin sending 'insane' number of fighters to take Luhansk (The Telegraph) Russia has sent "an insane number of fighters and equipment" to take the Luhansk area of the Donbas, the governor of the region has said.
Between Front Lines, Ukrainian Reconnaissance Teams Hunt Russian Targets (Wall Street Journal) Battling a Russian offensive in Donbas, Kyiv’s forces—including its Carpathian Sich battalion comprising volunteers—gear up to strike back.
Ukraine says ‘fate of the country’ could be decided in Donbas battles (The Telegraph) Vladimir Putin’s troops close to encircling cities of Severodonetsk and Lyschansk, and seize three towns in Donetsk region
Along Ukraine’s northern border with Russia, fears of a new invasion (Washington Post) The deep trenches and scattered observation posts that marked Ukraine’s northern border with Russia were no match for the columns of tanks that rolled across on Feb. 24.
Exclusive: New data reveals just how hopeless Russia's air war has been (Newsweek) Russia has fired more missiles in the Ukraine war than have been fired by any country in any conflict since WWII—and has shockingly little to show for it.
Retired Russian general’s plane ‘blown out of the skies’ in Ukraine combat mission (The Telegraph) Kanamat Botashev, aged 63, is reported to have been piloting a fighter jet shot down by a rocket-propelled grenade
"We're never leaving": Russian TV pundits warn of lengthy Ukraine conflict (Newsweek) Russian state TV anchor Vladimir Solovyov said about Ukrainians on Russia-1 "look who conquered you."
Ukraine: 200 bodies found in basement in Mariupol's ruins (AP NEWS) Workers digging through the rubble of an apartment building in Mariupol found 200 bodies in the basement, Ukrainian authorities said Tuesday, as more horrors come to light in the ruined city that has seen some of the worst suffering of the 3-month-old war .
Ukraine Identifies Suspects in Killing of Village Mayor Near Kyiv (Wall Street Journal) Olha Sukhenko, the mayor of the village of Motyzhyn, and her family members were abducted and murdered by five Russian service members and three members of the Russian mercenary company Wagner Group, Ukrainian Prosecutor General Iryna Venediktova said.
Forty-eight more Russian soldiers will face war crime trials, Ukraine says (Newsweek) Ukraine's Prosecutor General Iryna Venediktova said Monday Kyiv is investigating almost 13,000 cases of suspected war crimes related to Russia's invasion.
Unknown APT group has targeted Russia repeatedly since Ukraine invasion (Malwarebytes Labs) An in-depth look at the attack chain used by an unknown APT group that has launched four campaigns against Russian targets since February.
Hackers target Russian govt with fake Windows updates pushing RATs (BleepingComputer) Hackers are targeting Russian government agencies with phishing emails that pretend to be Windows security updates and other lures to install remote access malware.
Researchers Find New Malware Attacks Targeting Russian Government Entities (The Hacker News) Researchers have discovered a new cyberattack campaign targeting Russian government entities with at least four separate spear phishing campaigns.
Open Source Intelligence May Be Changing Old-School War (Wired) Intelligence collected from public information online could be impacting traditional warfare and altering the calculus between large and small powers.
Ukraine May Use Lincoln Project's Anti-Trump Tactics Against Putin (Newsweek) One of the biggest problems the Ukrainian government has, strategists said, is keeping the West and Americans paying attention to the battle against authoritarianism, because they have "extraordinarily short attention spans."
Be on guard as Russia’s war on Ukraine could drive cyber criminals to think outside the box (Engineering News) By Martin Potgieter, Nclose’s Co-Founder & Technical Director Russia’s war on Ukraine and its increasingly isolated internet environment could drive Russian cybercriminals to think outside the box and launch new forms of cyber attacks.
Personal Data of Tens of Millions of Russians and Ukrainians Exposed Online (HackRead) Follow us on Twitter @HackRead - Facebook @ /HackRead
Ukraine War Shows Need for Global Data-Privacy Agreement, EU Officials Say (Wall Street Journal) Russia’s invasion points to a sharper “dividing line” between democratic countries with rules to protect privacy and more authoritarian nations that could misuse data, according to one official.
Moldova's pro-Russian former president Dodon detained, says he is innocent (Reuters) The head of Moldova's pro-Russian opposition party, former President Igor Dodon, said on Tuesday he had been detained by Moldovan authorities on corruption charges, a move which is likely to anger the Kremlin.
Hungary’s Orban Declares State of Emergency Over War, Economy (Bloomberg) Hungarian Prime Minister Viktor Orban declared a wartime state of emergency immediately after his new government was installed.
Hungary’s PM imposes state of emergency citing Ukraine war (Al Jazeera) Prime Minister Viktor Orban says the war in Ukraine represents ‘a constant threat to Hungary’.
Soros Warns ‘Civilization May Not Survive’ Putin’s War (Bloomberg) He sees Putin and Xi as ‘greatest threat to open society’. Billionaire previously criticized social media at Davos forum.
Kissinger suggests that Ukraine give up territory to Russia, drawing a backlash. (New York Times) The former secretary of state argued that ceding land could bring an end to the war. Critics called the idea reckless and unrealistic.
Henry Kissinger is wrong. Vladimir Putin deserves nothing less than defeat (The Telegraph) The Kissinger approach to international relations has its merits, but on Russia the appeasers are wrong
Putin made ‘big strategic mistake’ in Ukraine, NATO chief says in Davos (Washington Post) The shadow of war in Europe continued to cast a pall over the high-impact networking of the World Economic Forum in Davos, Switzerland, on Tuesday, as leaders criticized Russia’s ongoing invasion of Ukraine.
‘Almost nobody is happy with Putin’ (Meduza) Meduza’s sources say a new wave of pessimism in the Kremlin has Russia’s hawks demanding more brutality in Ukraine while others scout for presidential successors
Moscow insiders ‘discuss Vladimir Putin successor’ as unease over Ukraine war grows (Telegraph) Kremlin insiders are discussing a successor to Vladimir Putin amid growing discontent with the course of the war in Ukraine, according to a reputable Russian media outlet.
Putin Is Going to Lose His War (Foreign Affairs) The world should prepare for instability in Russia.
Russia’s Military Was Doomed by Putin’s Culture of Militarism (World Politics Review) As useful as the insights of Clausewitz or Jomini can be to understanding the Russo-Ukrainian war, they are the product of a particular historical moment in the early 19th century. The insights of 20th-century scholar Alfred Vagts may provide a better guide to how social context shapes militaries’ performance on the battlefield.
How to Build Putin a Gilded Bridge Out of Ukraine (Foreign Affairs) The lessons of the Soviet retreat from Afghanistan.
Escape From Moscow (Foreign Affairs) The new Russian exiles—and how they can defeat Putin.
Alexei Navalny: Judge said sorry for jailing me... and now she's dead (The Telegraph) Russian opposition leader says Natalya Repnikova told him she regretted her ruling before she died in suspicious circumstances
Russia Edges Closer to Default as US Lets Key Waiver Expire (Bloomberg) Carveout allowing payments to Americans will end at midnight. US seeks to raise pressure on Moscow over war in Ukraine.
Russian Harmful Foreign Activities Sanctions Regulations 31 CFR part 587 GENERAL LICENSE NO. 9C Authorizing Transactions Related to Dealings in Certain Debt or Equity (US Department of the Treasury, Office of Foreign Assets Control) (a)(1) Except as provided in paragraphs (d) and (e) of this general license, all transactions prohibited by the Russian Harmful Foreign Activities Sanctions Regulations, 31 CFR part 587 (RuHSR), that are ordinarily incident and necessary to dealings in debt or equity of one or more of the following entities issued prior to February 24, 2022 (“Russian financial institution debt or equity”) are authorized through 12:01 a.m. eastern daylight time, May 25, 2022, provided that any divestment or transfer of, or facilitation of divestment or transfer of, Russian financial institution debt or equity must be to a non-U.S. person:
U.S. intelligence document shows Russian naval blockade of Ukraine (Washington Post) World leaders call the Kremlin’s actions a deliberate attack on the global food supply chain
Ukraine-Russia War Is Fueling Triple Crisis in Poor Nations (Wall Street Journal) More than 70 countries could follow Sri Lanka into default, says the United Nations.
Russia Is Winning From the Global Food Crisis It Helped Create (Bloomberg) While Ukraine’s ports are blocked, Russia is shipping grains to willing buyers at higher prices.
Poland Seeks U.S., EU Infrastructure Help to Transport Blocked Ukrainian Grain (Wall Street Journal) Warsaw is pushing the U.S. and European Union to help rapidly expand the rail infrastructure needed to export Ukraine’s grain harvest, circumventing Russia’s naval chokehold, said Polish Prime Minister Mateusz Morawiecki.
Support Grows for Naval Escorts for Ukraine Grain, Estonia Says (Bloomberg) Russia has effectively stopped Ukraine sending grain by sea. Ukraine is a major exporters of wheat and prices are rising.
War Stories: Ukraine’s Space Professionals Share Their Experiences (Satellite Today) Ukraine has a vibrant, up and coming space industry with rich heritage that has been thrown into doubt due to Russia’s invasion. In this feature, some of Ukraine’s most prominent space professionals share their personal accounts of the invasion, and how they see the future for the space industry as war rages in their country.
Attacks, Threats, and Vulnerabilities
Pro-Iran Group ALtahrea Hits Port of London Website by DDoS Attack (HackRead) A seemingly ‘politically motivated’ DDoS attack knocked down the Port of London authority’s website.
REvil Resurgence? Or a Copycat? (Akamai) Akamai researchers have been monitoring a distributed denial of service (DDoS) campaign against one of Akamai’s customers claiming to be associated with the infamous ransomware-as-a-service (RaaS) group, REvil.
RansomHouse: Bug bounty hunters gone rogue? (Help Net Security) Cyber extortion group RansomHouse is stealing organizations' data, offering to delete it and provide a report on how they did it - for a fee.
Data theft gang RansomHouse might be 'frustrated' white hat hackers, researchers claim (Tech Monitor) New hacking gang RansomHouse claims to have altruistic intentions, but not all cybersecurity analysts are convinced.
Lazarus Web Exploits HEATing Up (Menlo Security) The Menlo Labs research team has been tracking the activity of the infamous Lazarus Group. This blog will cover what we’ve observed across our customer base and how Menlo prevented an attack orchestrated by these threat actors who have been leveraging Highly Evasive Adaptive Threat (HEAT) techniques to bypass existing security technology to compromise victim organizations.
PyPI Served Malicious Version of Popular 'Ctx' Python Package (SecurityWeek) The popular 'Ctx' Python package has been replaced on PyPI with a malicious version designed to steal AWS credentials.
About half of popular websites vulnerable to pre-hijacking (Register) In detail: Ocean's Eleven-grade ruse in which victims' profiles are rigged from the start
Nation-state malware could become a commodity on dark web soon, Interpol warns (Security Affairs) Interpol Secretary warns that nation-state malware will become available on the cybercrime underground in a couple of years. Interpol Secretary General Jurgen Stock declared that nation-state malwre will become available on the darknet in a couple of years. In the ongoing conflict between Russia and Ukraine, the malware developed by both nation-state actors and non […]
Third-Party Digital Supply Chain Risk: Exposing the Shadow Code on Your Web Properties (Source Defense) Contact:Bryan GrilloCHEN PR for Source Defensebgrillo@chenpr.com781-672-3129 First-of-its-Kind Report Sizes Massive “Shadow Code” Risk for World’s Largest Businesses Third-party digital supply chains from retail to healthcare expose all to major potential security and privacy compliance breaches; financial services most exposed and exceeding average external code on sensitive pages by nearly 60%. ROSH HA’AYIN, Israel and NEW
How Secrets Lurking in Source Code Lead to Major Breaches (The Hacker News) If one word could sum up the 2021 infosecurity year (well, actually three), it would be these: "supply chain attack".
New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message (The Hacker News) Newly reported vulnerabilities in Zoom video conferencing software could allow attackers to hack into victims' systems.
Chaining Zoom bugs is possible to hack users in a chat by sending them a message (Security Affairs) Security flaws in Zoom can be exploited to compromise another user over chat by sending specially crafted messages. A set of four security flaws in the popular video conferencing service Zoom could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages.Tracked from CVE-2022-22784 through CVE-2022-22787, […]
Ransomware attacks on hospitals put patients at risk (Hastings Tribune) A University of Vermont Medical Center employee accidentally opened an emailed file from her homeowners association, which had been hacked, in October 2020.
‘Tough to Forge’ Digital Driver’s Licenses Are—Yep—Easy to Forge (Wired) Researchers found a litany of security flaws that allow simple, quick, and cheap forgeries in Australia.
US Car Giant General Motors Hit by Cyber-Attack Exposing Car Owners’ Personal Info (Infosecurity Magazine) The stuffing attack exposed customer information and allowed hackers to redeem rewards points
Hackers Breached Some GM Accounts, Accessing Personal Data (Bloomberg) Automaker said hackers bought gift cards using rewards points. Sensitive data such as Social Security numbers not affected.
Indian airline SpiceJet's flights impacted by ransomware attack (BleepingComputer) Indian low-cost airline SpiceJet has informed its customers of an attempted ransomware attack that has impacted some of its systems and caused delays on flight departures today.
Nikkei Says Customer Data Likely Impacted in Ransomware Attack (SecurityWeek) Asian media giant Nikkei has disclosed a ransomware attack that might have impacted customer data.
Troup confirms cyber attack on city was ransomware (WGEM) Quincy Mayor Mike Troup said the investigation into the attack discovered last week a request for a ransom to provide an encryption key to unlock hijacked data.
Cyber Attack Shuts Down Somerset County Email, Postpones Commissioner Meeting (Bridgewater, NJ Patch) All Somerset County offices and phone lines are open and working, but emails to county personnel can not be received or responded to.
CISA Adds 20 Known Exploited Vulnerabilities to Catalog (CISA) CISA has added 20 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the "Date Added to Catalog" column, which will sort by descending dates.
CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog (Security Affairs) US Critical Infrastructure Security Agency (CISA) adds 41 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 flaws to its Known Exploited Vulnerabilities Catalog, including recently addressed issues in the Android kernel (CVE-2021-1048 and CVE-2021-0920) and Cisco IOS XR (CVE-2022-20821). The Cisco IOS XR flaw (CVE-2022-20821, CVSS score: […]
Cybersecurity watchdog again flags multiple vulnerabilities in Google Chrome browser (CNBCTV18.com) CERT-In has highlighted 24 "high severity" vulnerabilities in the browser, using which a hacker could take control of a user's system, deny them access (akin to a ransomware attack) or steal sensitive data. The latest version of Google Chrome is 102.0.5005.61/62/63 for Windows and 102.0.5005.61 for macOS and Linux.
Vulnerability Summary for the Week of May 16, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Zoom Patches ‘Zero-Click’ RCE Bug (Threatpost) The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.
Trend Micro fixes bug Chinese hackers exploited for espionage (BleepingComputer) Trend Micro says it patched a DLL hijacking flaw in Trend Micro Security used by a Chinese threat group to side-load malicious DLLs and deploy malware.
Mozilla fixes Firefox, Thunderbird zero-days exploited at Pwn2Own (BleepingComputer) Mozilla has released security updates for multiple products to address zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2022 hacking contest.
Screencastify Chrome extension flaws allow webcam hijacks (BleepingComputer) The popular Screencastify Chrome extension has fixed a vulnerability that allowed malicious sites to hijack users' webcams and steal recorded videos. However, security flaws still exist that could be exploited by unscrupulous insiders.
Rockwell Automation Logix Controllers (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: Logix Controllers Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an unauthorized user to send malicious messages to the targeted device, which could lead to a denial-of-service condition.
Matrikon OPC Server (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.8 ATTENTION: Exploitable remotely Vendor: Matrikon, a subsidiary of Honeywell Equipment: Matrikon OPC Server Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote command execution with system-level privileges through the support of the IPersistFile COM interface.
Mitsubishi Electric FA Engineering Software Products (Update D) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Products Vulnerabilities: Heap-based Buffer Overflow, Improper Handling of Length Parameter Inconsistency 2.
Mitsubishi Electric Factory Automation Engineering Products (Update F) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Factory Automation Engineering products Vulnerability: Unquoted Search Path or Element 2.
Trends
Blumira Releases 2022 State of Detection and Response Report, Revealing Identity-Based Attacks as Top Threat in 2022 (PR Newswire) Blumira, a leading cybersecurity provider of automated threat detection and response technology, today released the 2022 State of Detection and...
NCC Group Monthly Threat Pulse – April 2022 (Mynewsdesk) The number of victims of ransomware attacks appears to have stabilised this last month, according to NCC Group’s strategic threat intelligence team. In...
Verizon DBIR: If it's not about cash, it's about spying (The Record by Recorded Future) "Bottom line: most data thieves are professional criminals deliberately trying to steal information they can turn into cash," the report says.
DBIR Makes a Case for Passwordless (Dark Reading) Verizon's "2022 Data Breach Investigations Report" repeatedly makes the point that criminals are stealing credentials to carry out their attacks.
Call of DeFi: The Battleground of Blockchain (Bishop Fox) Last year, decentralized finance (DeFi) grew tremendously, not only in usage, but also in cybersecurity attack. To understand the risks of these new blockchain technologies and use cases, we analyzed the main hacks that occurred in 2021.
Crypto Hacks Aren’t a Niche Concern; They Impact Wider Society (Dark Reading) Million-dollar crypto heists are becoming more common as the currency starts to go mainstream; prevention and enforcement haven't kept pace.
2022: The Year of Access Why the road to Modern Security starts with Access. (strong DM) Zero Trust is aspirational. Access is Addressable.
Compliance Falls Short: New Research Shows Up to 83% of Known Compromised Passwords Would Satisfy Regulatory Requirements (Specops Software) Organizations of all kinds look to regulatory recommendations and standards for guidance on how to best construct a secure password policy for their...
Email revealed to be riskiest channel for data loss (SecurityBrief Australia) More than half (60%) of organisations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months.
GDPR grey area catching out the majority of property professionals (Today's Conveyancer) While 98% of property professionals believe they are fully GDPR compliant, the vast majority are failing to take the necessary steps.
Marketplace
Nisos Announces $15 Million in Series B Funding Round (Dark Reading) New funding led by global cyber investor Paladin Capital Group, alongside existing investors Columbia Capital and Skylab Capital.
ShardSecure® Secures $11M in Series A Funding from Grotech Ventures, Gula Tech Adventures, Tom Noonan, strategic investor KPMG LLP, and existing venture investors (PR Newswire) ShardSecure, inventor of Microshard™ technology that mitigates data security and privacy risks in the cloud, has closed an oversubscribed $11M...
Parsons signs deal to acquire Xator for $400m (Army Technology) Xator develops C4ISR solutions, including integrated electronic and technical security systems, biometrics, and cUAS, among others.
Parsons to Acquire Xator, Adding State Department to Client Roster and Bolstering Biometrics Portfolio (FindBiometrics) Parsons, a Virginia-based federal contractor, has acquired Xator Corp. in a transaction valued at $400 million.
Clearwater acquires CynergisTek to address growing cybersecurity and compliance needs (Help Net Security) CynergisTek announces it has entered into a definitive agreement to be acquired by Clearwater Compliance LLC in an all cash transaction.
WSO2 | WSO2 Completes $93 Million Series E Growth Funding Round with the Investment from Info Edge (RealWire) Info Edge, which joins lead investor Goldman Sachs Asset Management in the Series E, provides a strategic contribution to WSO2’s accelerated business expansion across India
'Bad news for customers' - VMware partners left with mixed feelings over potential Broadcom deal (CRN) VMware partners have spoken to CRN about Broadcom’s potential $60bn acquisition of the cloud computing company
Is Cybersecurity Recession Proof? (The Analyst Syndicate) Few of us think of cybersecurity spending as discretionary. In other words, with the number of reported ransomware attacks, emergency directives from CISA, and Executive Orders, you would think that rising inflation, a stock market crash, and dire warnings from prognosticators like Harry Dent, would not impact demand for cybersecurity Yet the stock market obviously…
Google Cloud positions itself as a 'standalone security brand' (Cybersecurity Dive) The platform reinforced its bid to become an all-inclusive security provider with forthcoming services for open source software and zero-trust architecture.
Okta CEO: If we 'build that trust back, we're going to be fine' (Protocol) In an interview with Protocol, Okta CEO Todd McKinnon said the cybersecurity firm could’ve done a lot of things better after the Lapsus$ breach of a third-party support provider earlier this year.
Onapsis Appoints Kellie Snyder as Chief Customer Officer (Business Wire) Onapsis, the leader in business-critical application cybersecurity, announces the appointment of Kellie Snyder as Chief Customer Officer.
McAfee CEO Peter Leav to step down, Greg Johnson to take over (Reuters) Cybersecurity firm McAfee Corp on Tuesday appointed consumer tech veteran Greg Johnson as chief executive officer succeeding Peter Leav who will step down.
Rubrik Appoints Former Central Intelligence Agency (CIA) Chief Information Security Officer (CISO) Michael Mestrovich as the Company’s CISO (Rubrik) Rubrik Strengthens Cybersecurity and Policy Expertise; Continues Building its Distinguished Leadership Team to Tackle the Ransomware Challenge.
Proven Cybersecurity Sales Leader Joins Avocado Systems to Bring Application Security Innovation to Global Organizations (Business Wire) Avocado Systems, an innovator in application security, today announced the hiring of James Sortino as chief revenue officer. Sortino will lead Avocado
Veteran Cybersecurity Expert, Michael Orozco Joins MorganFranklin Consulting (Business Wire) MorganFranklin Consulting, a leading finance, technology, and cybersecurity advisory and management firm that specializes in solving complex transform
Products, Services, and Solutions
Mobile - Pixm Anti-Phishing (Pixm Anti-Phishing) Request Demo Phishing protection beyond your inbox Take the guesswork out of spotting mobile phishing attempts Phishing is designed to trick users into entering credentials. With more employees communicating through text and social and business applications, attackers are finding a new way in. PIXM Mobile stops employees from entering their credentials. Using computer vision technology, […]
Corelight Announces New Platform to Deliver Open-Source Powered Network Evidence Integrated with Machine Learning and Behavioral Analytics (Corelight) Corelight today announced Corelight Investigator, a SaaS-based solution that extends the power of network evidence to SOC teams.
Introducing The NinjaOne 5.3.2 Release (NinjaOne) The NinjaOne 5.3.2 platform update adds new features and enhancements across all primary product with notable improvements to patching, backup, and more.
Gen.G and 1Password Partner to Reinforce Importance of Online Security in Gaming (PR Newswire) Global esports organization, Gen.G, and human-centric security leader, 1Password, are partnering to launch 'Quest for the Lost Console' – a...
AppOmni’s Market-Leading SaaS Security Management Solution Launches on Google Cloud Marketplace (Business Wire) AppOmni, the leading provider of SaaS security, is now listed in the Google Cloud Marketplace. The Marketplace offers integrated solutions vetted by G
GitLab Inc.’s Partner Ecosystem Expands to Meet Increasing Demand for DevOps Solutions (GitLab) Partner Program Enables Business Innovation and Growth for Customers
New Frameworks: CCPA, ISO 27701, & More (Drata) We've added frameworks to the Drata platform including CCPA, ISO 27701, Microsoft SSPA, NIST CSF, NIST 800-171, NIST 800-53, CMMC, and FFIEC.
Configit Introduces Breakthrough System-Level Configuration Solution (PR Newswire) Configit, the global leader in Configuration Lifecycle Management (CLM), today announced new breakthrough capabilities in its market-leading...
Netenrich Introduces Resolution Intelligence® Platform (Netenrich) Netenrich introduced Resolution Intelligence platform, a new operational analytics platform that delivers advanced security and digital operations at scale.
Netskope Revolutionizes Data Protection with Patented Lightweight, Cloud-Powered Endpoint Data Loss Prevention (PR Newswire) Netskope, the leader in Security Service Edge (SSE) and zero trust, today announced a key expansion of data protection capabilities to endpoint...
XM Cyber Counters Attacks Involving Microsoft Active Directory Exploits (PR Newswire) XM Cyber, the multi-award-winning attack path management company, announced today a new security capability for Microsoft's Active Directory...
Theta Lake Expands Integration with RingCentral to Offer Free Advanced and Integrated Archiving and eDiscovery (Business Wire) Theta Lake, a leader in modern collaboration security and compliance solutions, today announced its expanded integration with RingCentral to include a
CybeReady Receives Acclaim on Gartner® Peer Insights Ratings and Reviews Site as 100% of Reviews Recommend the Company (EIN News) High Rating Achieved for World’s Fastest Security Training Platform
Censornet introduces integrated IDaaS to enhance context-based security (Help Net Security) Censornet is introducing integrated identity as a service (IDaaS) into its intelligent cybersecurity platform.
WISeKey Launches its Trusted Identity Metaverse at Davos with a Human Centric Approach (GlobeNewswire News Room) WISeKey Launches its Trusted Identity Metaverse at Davos with a Human Centric Approach https://www.wisekey.com/wisekey-webinar/davos-2022-register/ ...
Barracuda expands cloud-native SASE platform (IT Brief New Zealand) The expansion of Barracuda's cloud-native SASE platform for hybrid deployment models and IIoT environments solves a number of challenges.
Boardriders taps Darktrace tech to defend against cyber threats (Retail Technology Innovation Hub) Boardriders, the parent company of sports brands like Quiksilver and Billabong, has deployed Darktrace’s autonomous response technology, Antigena, to defend against cyber threats across the organisation’s digital environment.
New Mend service auto-detects and fixes code, app security issues (CSO Online) Mend, formerly WhiteSource, announces new service designed to detect and fix code security issues, reduce the software attack surface and application security burden.
Tigera's CNAPP Platform, Calico, Now Available on SUSE Rancher Kubernetes Engine 2 (RKE2) (PR Newswire) Tigera, which provides the industry's only active Cloud-Native Application Protection Platform (CNAPP) with full-stack observability for...
TalaTek SaaS GRC Solution, TiGRIS, Now StateRAMP Authorized (TalaTek, LLC) TiGRIS Authorized for Agencies Seeking Cloud-Certified Solutions to Manage Compliance and Risk Management
QuSecure’s QuProtect Receives Top Govies Government Security Award for Cyber Defense (Business Wire) QuSecure™, Inc., an innovator in post-quantum cybersecurity, (PQC) today announced that its quantum orchestration platform, QuProtect™, the industry’s
Keeper Security Awarded Master Service Agreement from The Quilt to Provide Enterprise-Grade Password Security to the Public Sector (PR Newswire) Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets, and connections,...
Technologies, Techniques, and Standards
SolarWinds: Here's how we're building everything around this new cybersecurity strategy (ZDNet) The SolarWinds supply chain attack was one of the biggest cyber incidents there's ever been. Here's how the company has dealt with the aftermath.
Design and Innovation
‘Beam Me Up:’ Nation’s First Quantum Drone Provides Unrivaled Security (Florida Atlantic University) Researchers are developing the nation’s first drone-based, mobile quantum network for unhackable wireless communication. Quantum protects information by the laws of nature and not just by a clever manmade code.
Announcing Project Pyrsia: Community-Driven Trusted Software Packages (JFrog) Pyrsia is designed to be entirely decentralized, providing developers a secure package network that has full provenance of all the packages & artifacts they depend on.
Research and Development
‘Quantum Internet’ Inches Closer With Advance in Data Teleportation (New York Times) Scientists have improved their ability to send quantum information across distant computers — and have taken another step toward the network of the future.
Legislation, Policy, and Regulation
China must be able to destroy Musk’s Starlink if it poses threat: scientists (South China Morning Post) Researchers call for development of anti-satellite capabilities including ability to track, monitor and disable each craft.
US, Australia, India and Japan announce cybersecurity initiatives on software, supply chains (The Record by Recorded Future) The US, India, Australia and Japan announced a partnership that will see the companies work together on several cybersecurity initiatives.
Quad nations pledge deeper tech collaboration (Register) But think tank says its past attempts at working together haven't gone well
Winning the Tech Battle With China: The Example of Huawei (The Heritage Foundation) Whenever China policy is talked about in the U.S., the conversation often turns to how the Trump administration “got China’s attention.” It did, indeed—specifically, by complicating its plans for tech dominance—a policy that should continue in the current administration. Beijing has assigned technology a central role in its global rivalry with the U.S. Allowing it to succeed would threaten Americans at home and our interests abroad.
Canada Is Banning Huawei and ZTE From Its Cellular Network. Here's Why. (MUO) Canada raises concerns about critical infrastructure security.
New EU-US Data Transfer Pact On Path To Fail, Schrems Says (Law360) Austrian privacy activist and lawyer Max Schrems, who spearheaded the legal challenges that led to the demise of a pair of vital transatlantic data transfer mechanisms, has cautioned European Union and U.S. policymakers that their proposed replacement framework was unlikely to fare any better unless "substantive" changes are made.
Digital super agency likely for $10b transformation (Australian Financial Review) The new government is overhauling the ministerial responsibilities for the annual $10 billion digital transformation program.
Say goodbye to JAIC and DDS, as offices cease to exist as independent bodies June 1 - Breaking Defense (Breaking Defense) The Joint Artificial Intelligence Center, Defense Digital Service and ADVANA teams will be officially subsumed into the new CDAO office at the start of the month.
DOD not meeting same standards it plans to hold contractors to under CMMC (FedScoop) The Pentagon established new requirements under the Cybersecurity Maturity Model Certification (CMMC) 2.0 program to hold contractors to better protecting sensitive defense data. But the Department of Defense itself hasn’t yet proven it can meet those same standards. Under CMMC 2.0, contractors will have to meet, at minimum, 110 security practices to do business with […]
US lawmakers urge Google to limit location tracking to protect women seeking abortion (Computing) It comes ahead of the expected overturning of the 1973 decision by the US Supreme Court that safeguards a woman's right to have an abortion
California parents could soon sue for social media addiction (AP NEWS) California could soon hold social media companies responsible for harming children who have become addicted to their products, permitting parents to sue platforms like Instagram and TikTok for up to $25,000 per violation under a bill that passed the state Assembly on Monday.
Litigation, Investigation, and Law Enforcement
Trove of damning Xinjiang police files leaked as U.N. rights chief visits China (Washington Post) A cache of leaked documents detailing draconian surveillance and reeducation practices in Xinjiang has shed fresh light of the scale of Beijing’s multiyear crackdown on ethnic Uyghurs in the region and cast a shadow over a highly orchestrated six-day trip to China by the U.N. high commissioner for human rights, Michelle Bachelet.
EXCLUSIVE: ISIS Plotting To Assassinate George W. Bush In Dallas (Forbes) Two confidential informants and surveillance of an Iraqi national's WhatsApp account reveal plans to smuggle assassins into the U.S. to murder the former president, according to a search warrant application discovered by Forbes.
Interpol arrests alleged leader of the SilverTerrier BEC gang (BleepingComputer) After a year-long investigation that involved Interpol and several cybersecurity companies, the Nigeria Police Force has arrested an individual believed to be in the top ranks of a prominent business email compromise (BEC) group known as SilverTerrier or TMT.
INTERPOL hauls in alleged Nigerian cybercrime ringleader (CyberScoop) The group is believed to have hit more than 50,000 victims.
Operation Delilah: Unit 42 Helps INTERPOL Identify Nigerian Business Email Compromise Actor (Unit42) INTERPOL and The Nigeria Police Force arrested a prominent business email compromise actor as part of Operation Delilah.
Remote learning apps shared children’s data at a ‘dizzying scale’ (Washington Post) The educational tools used by students during the pandemic shared their information with advertisers and data brokers that could track them around the Web, an international investigation found
Amazon Urged To End Support For DHS Biometric Program (Law360) A coalition of immigration and technology advocacy groups urged Amazon on Tuesday not to provide web hosting services for the U.S. Department of Homeland Security's biometric information database, citing concerns about the project's implications for civil liberties and privacy rights.
Hunter Biden emails that Trump allies shared contain signs of possible 'tampering,' analysis suggests (CyberScoop) Researchers shared the data to provide a more complete context about the data and questions surrounding it, they said.
Data Breach-Related Securities Suit Filed Against Cyber Firm Okta (Insurance Journal) Following a trend in directors and officers litigation involving cybersecurity firms, Okta Inc. now faces a securities class action lawsuit alleging the
'King Of Slots' Drops Suit Saying Spyware Co. Hacked Phone (Law360) An Italian casino owner known as the "King of Slots" has dropped a federal lawsuit accusing an Israeli spyware company of hacking his iPhone as part of a long-running vendetta pursued against him and his businesses by the governments of the Netherlands and Italy.
Maryland Man Pleads Guilty to Threats to NSA and NSA Workers (US News and World Report) Prosecutors say a Maryland man has pleaded guilty to making threats against the National Security Agency and its employees.