Dateline Moscow, Kyiv, Tallinn, Washington: Support for Ukraine, cyber and physical.
Ukraine at D+97: A slow advance in Luhansk. (The CyberWire) "Plodding and incremental," but still advancing slowly, Russian forces defend Kherson and push to take the rubble that was Sievierodonetsk. New US artillery is being sent to Ukraine, and NATO cooperates more closely with Kyiv in cyberspace.
100 days of war in Ukraine: how the conflict has developed (the Guardian) Friday marks the 100th day of Vladimir Putin’s war in Ukraine. This is how the Russian president’s ‘special military operation’ evolved into a bloody war of attrition
Ukrainian officials report 'shutdown of all communications' in Kherson region (Reuters) Ukrainian officials are reporting a "shutdown of all communications" in the Russian-occupied southern region of Kherson.
Ukraine Live Updates: U.S. to Send Advanced Rockets; Russians Reach Heart of Key Eastern City (New York Times) Pitched street battles raged in Sievierodonetsk as Russian forces pushed into the city center. The Ukrainians hope the long-range missiles being supplied by the U.S. will help thwart Russia’s eastern offensive.
Russian Military Is Repeating Mistakes in Eastern Ukraine, U.S. Says (New York Times) President Vladimir V. Putin sent in a new commander in April, but Russian troops are still facing morale and other problems, American officials say.
Russian forces advance in factory city, U.S. to send precision rockets to Ukraine (Reuters) Russian troops on Wednesday pressed closer to the centre of a factory city in their drive to grab a swathe of eastern Ukraine, while the United States said it would supply advanced rockets to Kyiv to help it force Moscow to negotiate an end to the war.
Deluded Putin wants you to believe seizing Severodonetsk is a big win for Russia (The Telegraph) Moscow appears on brink of seizing eastern Ukrainian city, but it has paid for that small chunk of blasted moonscape with blood and treasure
Luhansk governor says Russia now controls 70% of Sievierodonetsk (the Guardian) Fighting continues in key eastern city as Zelenskiy says up to 100 Ukrainian soldiers dying each day
The Tide Is Turning Toward Russia (French Press) It’s time to face some grim facts about the war in Ukraine.
Even as Russia Bears Down in the East, Some Ukrainians Stay Behind (New York Times) The Russian offensive grinds on, but not everyone is leaving the eastern Donbas region.
Ukrainian military reports advances in the south and intense fighting in eastern Donbas region (CNN) As the battle for the Donbas region heats up, Russian forces are trying to surround Ukrainian troops in Lysychansk and Severodonetsk.
Biden says US sending medium-range rocket systems to Ukraine (AP NEWS) The Biden administration says it will send Ukraine a small number of high-tech, medium-range rocket systems, a critical weapon that Ukrainian leaders have been begging for as they struggle to stall Russian progress in the Donbas region .
Opinion | President Biden: What America Will and Will Not Do in Ukraine (New York Times) The U.S. will help Ukraine be in the strongest possible position at the negotiating table. We do not want to prolong the war just to inflict pain on Russia.
Himars: what are the advanced rockets US is sending Ukraine? (the Guardian) High Mobility Artillery Rocket System can hit Russian targets up to 50 miles (80km) away, helping to ‘even the playing field’
Russia-Ukraine latest news: Kremlin accuses US of 'adding fuel to the fire' with long-range missiles (The Telegraph) The Kremlin has accused Washington of "adding fuel to the fire" by planning to supply Ukraine with advanced missile systems.
Kremlin says talks with Zelenskiy possible, but negotiations stalled (Reuters) Russia said on Wednesday that it did not rule out a meeting between President Vladimir Putin and his Ukrainian counterpart Volodymyr Zelenskiy, but that any such talks needed to be prepared in advance.
West's "irrational fear" of Russia driving ceasefire push- Ukrainian negotiator (Reuters) A Ukrainian presidential advisor and peace talks negotiator accused Europe and the United States of having an "irrational fear" of Russia in an interview released on Wednesday by news agency Interfax Ukraine.
Ukraine’s Best Chance for Peace (Foreign Affairs) How Neutrality Can Bring Security—and Satisfy Both Russia and the West
Kremlin TV Names the Country Putin Will Invade Next (The Daily Beast) And they don’t stop there, suggesting Britain and the U.S. would be targeted in a looming WWIII.
Putin Hasn’t Gone Far Enough for Russia’s Hawks (Foreign Policy) There’s dissent—but not from peaceniks.
Russian State TV discusses how to "destroy east and west coasts of U.S." (Newsweek) A Russian politician said four missiles would leave nothing of the east and west coasts, causing a mushroom cloud that would be visible from Mexico.
Ukraine joins its first NATO cyber defense center meeting (TheHill) Ukrainian officials met for the first time on Monday with the steering committee of the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE) in Tallinn, Estonia, following the country’s successful bid to join the cyber center.
US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command (Sky News) In an exclusive interview with Sky News, General Paul Nakasone confirmed for the first time that the US had "conducted a series of operations" in response to Russia's invasion of Ukraine.
Russian Killnet cyber attacks begin on Italian-linked businesses (IT PRO) Italy's cyber security authority issued a warning to all public and private sector organisations with links to the country to prepare for an increased number of cyber attacks from the pro-Russian hackers
Germany issues fresh warning to banks of cyber attacks due to Ukraine war (Reuters) The German financial regulator BaFin issued a fresh cyber security warning on Tuesday to the nation's financial sector due to the war in Ukraine following a recent increase in cyber attacks.
Counting the cost of Putin’s catastrophic war - in nine charts (The Telegraph) From deaths and destruction to soaring food prices, Russia's invasion has devastated Ukraine and sent shockwaves around the world
Putin Needs Help From China and India on Oil Europe Doesn’t Want (Bloomberg) European Union moves closer to ban on Russian seaborne imports. Top Asian buyers can still handle a little more Urals: Traders.
Putin’s World Order Would Be Devastating for Africa (Foreign Policy) Moscow is already deeply involved in destabilizing wars.
EU Sets Harshest Russian Sanctions, Targeting Oil and Insurance (Wall Street Journal) The European Union is set to set to impose its toughest sanctions yet on Russia, banning imports of its oil and blocking insurers from covering its cargoes of crude, as the West seeks to deprive Moscow of cash needed to fund the war on Ukraine.
Russian economy crashes 15pc as sanctions choke oil and arms trade (The Telegraph) Punitive measures appear to take toll on Moscow as it is braced for deepest downturn since fall of the Soviet Union
Oil prices surge, gas hits new high after E.U. cracks down on Russia (Washington Post) The U.S. average for a gallon of fuel climbs to $4.62 as Americans already are grappling with decades-high inflation
WSJ News Exclusive | OPEC Weighs Suspending Russia From Oil-Production Deal (Wall Street Journal) Some OPEC members are exploring the idea of suspending Russia’s participation in an oil-production deal as Western sanctions and a partial European ban begin to undercut Moscow’s ability to pump more, OPEC delegates said.
WSJ News Exclusive | Russian Oil Producers Stay One Step Ahead of Sanctions (Wall Street Journal) Russia is getting oil to market by using ship-to-ship transfers and tapping Indian refineries to hide the origins of gasoline and other products.
Ukraine Live Updates: U.S. to Send Advanced Rockets; Russians Reach Heart of Key Eastern City (New York Times) Pitched street battles raged in Sievierodonetsk as Russian forces pushed into the city center. The Ukrainians hope the long-range missiles being supplied by the U.S. will help thwart Russia’s eastern offensive.
The West should call Putin's bluff and escort Ukrainian grain ships (The Telegraph) Only naval action can abate this crisis now, lest we face mass starvation and political instability across the world
Seizing Russian Assets to Help Ukraine Sets Off White House Debate (New York Times) Some European officials want to use more than $300 billion in Russian central bank assets to rebuild Ukraine. But Biden administration officials warn that diverting those funds could be illegal.
Attacks, Threats, and Vulnerabilities
Latest cyberattack in Costa Rica targets hospital system (Reuters) A cyberattack struck Costa Rica's hospitals and clinics early Tuesday morning, the Costa Rican Social Security Fund (CCSS) said, the latest in a string of hacks targeting the Central American country in recent weeks.
Costa Rica’s public health agency hit by Hive ransomware (BleepingComputer) All computer systems on the network of Costa Rica's public health service (known as Costa Rican Social Security Fund or CCCS) are now offline following a Hive ransomware attack that hit them this morning.
Costa Rican Social Security Fund hit with ransomware attack (The Record by Recorded Future) The Costa Rican government continues to face off against ransomware gangs, confirming on Tuesday that its Social Security Fund was hit with a cyberattack.
Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions (KrebsOnSecurity) Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data…
Attackers Continue to Target Critical WSO2 Flaw (Decipher) Weeks after the disclosure of the vulnerability (CVE-2022-29464) in WSO2 products, attackers are leveraging the flaw to install Linux-compatible Cobalt Strike beacons, cryptocurrency miners and more.
Microsoft Confirms Exploitation of 'Follina' Zero-Day Vulnerability (SecurityWeek) Microsoft has confirmed that Windows is affected by the Follina zero-day vulnerability (CVE-2022-30190), and the company has released workarounds and mitigations.
Microsoft releases guidance for Office zero-day used to target orgs in Russia, India, Tibet (The Record by Recorded Future) Microsoft has published guidance addressing CVE-2022-30190 – a zero-day vulnerability affecting several kinds of Office documents.
Document Exploiting New Microsoft Office Zero-Day Seen in the Wild (SecurityWeek) Researchers have issued a warning after spotting what appears to be a new Microsoft Office zero-day vulnerability exploited in the wild (dubbed Follina).
This zero-day Windows flaw opens a backdoor to hackers via Microsoft Word. Here's how to fix it (ZDNet) Microsoft recommends disabling a protocol used for troubleshooting Windows bugs that attackers are abusing with a malicious Word document.
Exploitation of VMware Vulnerability Imminent Following Release of PoC (SecurityWeek) A PoC exploit has been made public for a VMware Workspace ONE Access vulnerability that experts believe will be exploited at any moment.
SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years (The Hacker News) Hackers from the SideWinder APT Group are responsible for over 1,000 new attacks since April 2020.
New XLoader botnet uses probability theory to hide its servers (BleepingComputer) Threat analysts have spotted a new version of the XLoader botnet malware that uses probability theory to hide its command and control servers, making it difficult to disrupt the malware's operation.
XLoader Botnet: Find Me If You Can (Check Point Research) Research by: Alexey Bukhteyev & Raman Ladutska Introduction In July 2021, CPR released a series of three publications covering different aspects of how the Formbook and XLoader malware families function. We described how XLoader emerged in the Darknet community to fill the empty niche after Formbook sales were abruptly stopped by its author. We did... Click to Read More
EnemyBot Malware Targets Web Servers, CMS Tools and Android OS (Threatpost) Malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot.
The FBI Warns of Scammers Soliciting Donations Related to the Crisis in Ukraine (Internet Crime Complaint Center (IC3)) The FBI warns the public of fraudulent schemes seeking donations or other financial assistance related to the crisis in Ukraine.
Over 3.6 million MySQL servers found exposed on the Internet (BleepingComputer) Over 3.6 million MySQL servers are publicly exposed on the Internet and responding to queries, making them an attractive target to hackers and extortionists.
Over 3.6 million exposed MySQL servers on IPv4 and IPv6 | The Shadowserver Foundation (Shadowserver) We have recently began scanning for accessible MySQL server instances on port 3306/TCP. These are instances that respond to our MySQL connection request with a Server Greeting. Surprisingly to us, we found around 2.3M IPv4 addresses responding with such a greeting to our queries. Even more surprisingly, we found over 1.3M IPv6 devices responding as well (though mostly associated with a single AS). IPv4 and IPv6 scans together uncover 3.6M accessible MySQL servers worldwide.
Why we can expect more hacking of politicians’ phones (POLITICO) Increasing discoveries of spyware infections on the devices of politicians and government officials highlight a hard-to-solve tradeoff.
After Hive cyberattack, Partnership HealthPlan confirms data theft affecting 855K (SC Magazine) This week’s breach roundup includes several hacks and a massive theft of paper records and is led by a followup into the March cyberattack and network outage incurred by Partnership HealthPlan of California in March.
Four months later, Cox Media confirms ransomware attack (The Record by Recorded Future) The Cox Media Group, one of the largest media conglomerates in the US, has formally acknowledged a ransomware attack that crippled and took down live feeds for several TV and radio stations earlier this year, in June.
NYC schools ban use of Illuminate Education products after massive data breach (New York Post) The NYC Department of Education is calling it quits with a software company whose data breach has impacted at least 820,000 public school students.
Cybersecurity experts weigh in after city of Portland data breach (KATU) Cybersecurity experts said they're noticing a spike in data breaches, even just in the last year. This comes as the city of Portland reports a fraudulent transaction of about $1. 4 millionbecause of a breach. Staff with the city declined an interview, so KATU reached out to surrounding agencies to see how they prevent these kinds of incidents. Multnomah County's Chief Information Security OfficerDennis Tomlin said that's becoming increasingly challenging.
East Windsor Township residents offered free credit monitoring in wake of computer breach - centraljersey.com (centraljersey.com) East Windsor Township officials are offering free access to credit monitoring, fraud consultation and identity theft restoration services to residents who may have been affected by the recent breach of the township’s computer system. The East Windsor Township Council approved an agreement with Experian Consumer Services Identity Works in a resolution adopted by the council […]
Security Patches, Mitigations, and Software Updates
Microsoft Releases Workaround Guidance for MSDT "Follina" Vulnerability (CISA) Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as "Follina"—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system. Microsoft has reported active exploitation of this vulnerability in the wild.
BD Pyxis (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Pyxis Vulnerability: Not Using Password Aging 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to electronic protected health information (ePHI) or other sensitive information.
BD Synapsys (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Synapsys Vulnerability: Insufficient Session Expiration 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access, modify, or delete sensitive information.
Fuji Electric Alpha7 PC Loader (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Alpha7 PC Loader Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary code execution.
Mitsubishi Electric MELSEC iQ-F Series (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F Series Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service condition by sending specially crafted packets. A system reset is required for recovery.
Mitsubishi Electric FA Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: FA products Vulnerabilities: Use of Password Hash Instead of Password for Authentication, Use of Weak Hash, Cleartext Storage of Sensitive Information, Authentication Bypass by Capture-replay 2.
Mitsubishi Electric Multiple Products (Update D) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: Multiple Products Vulnerability: Predictable Exact Value from Previous Values 2.
Mitsubishi Electric Factory Automation Engineering Software (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Multiple Factory Automation Engineering Software products Vulnerability: Permission Issues 2.
Trends
Countdown to Ransomware: Analysis of Ransomware Attack Timelines (Security Intelligence) Get the in-depth analysis on ransomware attack timelines, from initial access to ransomware deployment. More from IBM Security X-Force.
Research Reveals 75% of CISOs Are Worried Too Many Application Vulnerabilities Leak Into Production, Despite a Multi-Layered Security Approach (Business Wire) Software intelligence company Dynatrace (NYSE: DT) announced today the findings of an independent global survey of 1,300 chief information security of
Most CIOs say their organizations are vulnerable to software supply chain attacks (SC Magazine) The Venafi report says the shift to cloud-native and move to DevOps has made software supply chains more complex – and vulnerable.
Medical devices are the soft cybersecurity underbelly for health care providers (Federal News Network) For hackers, internet-connected medical devices have become an attractive target more vulnerabilities that stay unpatched compared to computers.
Cyber Defense Confidence Ebbs as Ransomware Attacks Multiply (Wall Street Journal) Despite Washington’s recent attempts to expand cybersecurity rules and disrupt hacking gangs, ransomware continues to proliferate and executives report unease about their companies’ ability to ward off the threat.
Cybersecurity survey calls out UK CFO disconnect (Verdict) Given the major financial implications associated with cybersecurity breaches, CFOs should play a major role in responding to cyberattacks.
New Report Reveals APIs and Cloud Applications are CISOs’ Greatest Threat to Security Readiness (Business Wire) Research surveying over 400 CISOs finds they are prioritizing Zero Trust and partner risk management to help mitigate critical security challenges.
Survey Finds Few IT, Security Professionals Positioned to Address Growing Software Supply Chain Risk (ReversingLabs) ReversingLabs survey reveals software development teams are increasingly concerned about supply chain attacks and tampering, but lack the right tools.
WSO2 | Among IT Decision-Makers, 85% See Urgent Shift in Focus to Consumers' Digital Experiences in New "Reprogramming the Enterprise" Report from WSO2 (RealWire) While a majority of 500 IT decision-makers agree on the priority around delivering digital experiences, the survey revealed gaps in organisational readiness
London, UK – 1st June 2022 – In a survey of 500 IT decision-makers, 85% agree that there is an urgent shift toward focusing on consumers’ digital experiences
Marketplace
Electrosoft Strengthens Government Cybersecurity Expertise with Strategic Acquisition of Achilles Shield, Inc. (Electrosoft) Electrosoft today announced it has acquired Achilles Shield, Inc., a government cybersecurity services firm. The acquisition expands Electrosoft’s cybersecurity capabilities and services to federal civilian and defense organizations.
Ordr Secures $40 Million in Series C Funding to Answer Increased Demand for Connected Device Security (PR Newswire) Ordr has raised an additional $40 million to meet the growing need for organizations to understand, manage, and secure the growing number of...
ReliaQuest to Buy Digital Shadows for $160 Million (Wall Street Journal) Cybersecurity company ReliaQuest has agreed to buy threat intelligence specialist Digital Shadows for $160 million.
ReliaQuest to Acquire Digital Shadows (ReliaQuest) Combined company creates world-class security operations platform to offer customers unmatched visibility and detection to defend against threats.
Acumera Expands Services and Market Reach by Acquiring Netsurion’s Secure Edge Networking (GlobeNewswire News Room) The acquisition adds best-in-class people, clients and technologies to further Acumera’s leadership position in managed network services and edge...
Seemplicity emerges from stealth with $32M (TechCrunch) Seemplicity emerges from stealth with $32M to consolidate security notifications and speed up response times.
Surefire Cyber Tackles Incident Response With $10M Series A Funding (SecurityWeek) Forgepoint Capital is pumping $10 million into a startup incubated to provide incident response services to the cyber-insurance ecosystem.
Lookout Acquires SaferPass to Address the Rising Threat of Identity Theft (PR Newswire) Lookout, Inc., a leading provider of endpoint and cloud security solutions, today announced it has acquired SaferPass, an innovative Password...
Cybersecurity Training Firm Hoxhunt Raises $40 Million (SecurityWeek) Cybersecurity training firm Hoxhunt today announced that it has raised $40 million in Series B investment, which brings the total raised by the company to over $43 million.
HUB Security Acquires European Based Cyber Distribution Business (PR Newswire) HUB Cyber Security (Israel) Limited (TASE: HUB), a developer of Confidential Computing cybersecurity solutions and services ("HUB" or the...
Women-founded accelerator indicates plan to raise $50M fund (Washington Business Journal) The firm's venture arm is just two years old.
Boston cybersecurity pioneer wants to back startups (Boston Globe) A new $30 million investment fund from Newton cybersecurity company CyberArk aims to make early-stage investments in security-tech startups.
Panther Labs Joins Cloud Security Alliance in the Latest Move to Solve the Challenges of Security Operations at Scale (GlobeNewswire News Room) Panther Labs, a cloud-native threat detection platform that solves the challenges of security operations...
Chinese Firm That Accused NSA of Hacking Has Global Ambitions (Washington Post) For years, the US government and American cybersecurity companies have alleged that China is behind brazen hacks that have pilfered troves of sensitive documents.
Is Broadcom good for VMware’s security business? (Verdict) VMware’s net debt of $8 billion, on paper does not seem like an ideal fit with Broadcom strategic aspirations, but it has potential.
VMware partners, customers should proceed with caution and pressure Broadcom: Gartner (CRN Australia) Michael Warrilow said not to expect “business as usual” in the long-term.
As Bitcoin Falters, Crypto Miners Brace for a Crash (Wired) Electricity costs more, Bitcoin is worth less. What can possibly go wrong?
Votiro Partners with the National Wildlife Federation at RSA Conference 2022 (Business Wire) Votiro to raise money for Great Lake restoration while exhibiting at the 2022 RSA Conference; Participating in other conference-related events.
Booz Allen Names Kristine Martin Anderson COO (WashingtonExec) Booz Allen Hamilton has appointed Kristine Martin Anderson as chief operating officer, effective June 1. Anderson is an executive vice president, member
Gadi Evron joins Team8 as CISO-in-Residence (CTech) The former CEO of Cymmetria will help expand the group’s CISO Village and advise portfolio companies
QinetiQ US Hires David Harrison as VP of Business Operations (WashingtonExec) David Harrison has joined QinetiQ U.S. as vice president of business operations, to lead functional business operations to realize maximum business value
NINJIO Hires Finance Leader Teresa Alicer As New CFO (NINJIO) Leading cybersecurity awareness training company NINJIO continues to expand its executive team with a focus on hyper-growth in the coming year
Products, Services, and Solutions
The CyberWire and Dragos launch new podcast and newsletter, bringing critical attention to industrial infrastructure security. (The CyberWire) The CyberWire and Dragos, Inc. announced today the launch of Control Loop, a new podcast and newsletter covering operational technology (OT) and industrial control systems (ICS) security. With the aim of bringing attention to industrial cybersecurity, Control Loop is an informative and educational resource for the international community of infrastructure operators and security professionals. Control Loop is a collaboration between cybersecurity news leader the CyberWire, and Dragos, the global leader in cybersecurity solutions for industrial infrastructure.
Cybersecurity Initiative to Give Consumers New Digital Security Tools (Consumer Reports) The cyber initiative, launched with a $5 million grant to Consumer Reports from the Craig Newmark Philanthropies, will help people protect themselves from ransomware, phishing schemes, and other threats.
LookingGlass Cyber Unveils Innovative Intelligent Attack Surface Management Suite to Anticipate Threats and Prevent Attacks (GlobeNewswire News Room) Integrated product line provides tailored and contextualized insights into vulnerabilities and exposures to help organizations reduce and respond faster to...
Extending our capabilities across the cloud and critical infrastructure (Red Canary) Red Canary analyzes data from Amazon GuardDuty, Microsoft Office 365, and Dragos to deliver "MDR everywhere"
CrowdStrike Announces General Availability of Falcon Identity Threat Protection for U.S. Public Sector Organizations Requiring FedRAMP Moderate or IL-4 Authorization (Business Wire) CrowdStrike (Nasdaq: CRWD), a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, today announced the general avail
Schneider Electric and ETAP announce new digital twin integration enabling operator training and simulations greatly reducing risk to operations (GlobeNewswire News Room) The integration of ETAP’s Operator Training Simulator and Power System Monitoring & Simulation into EcoStruxure™ Power Operation reduces risks related...
CynergisTek Announces First Win With Strategic Partner GroupSense For $220,000 Ransomware Readiness and Dark Web Monitoring Deal (Business Wire) Midwest health system with over 40 clinics and hospitals signs six-figure deal with CynergisTek
Flosum Trust Center secures Salesforce environments from cybersecurity threats and data breaches (Help Net Security) Flosum launched Flosum Trust Center, an integrated security solution to monitor for any potential threats within a Salesforce environment.
Mastercard boosts cyber consulting with new threat simulation platform (SC Magazine) Cyber Front has compiled a library of more than 3,500 real-world threat scenarios that Mastercard’s financial customers can utilize to help them “reveal security gaps and provide mitigation insights in real-time.
Traceable AI Introduces New Capabilities to API Catalog for API Discovery and Risk Management (PR Newswire) Traceable AI, the industry's leading API security and observability company, now offers an enhanced API Catalog solution to enable...
NTT DATA Selects Swimlane to Deliver Low-Code Security Automation in EMEA (Business Wire) Swimlane today announced its partnership with NTT DATA to reduce risk for shared customers via Swimlane’s award-winning low-code automation platform.
StrikeForce Achieves HIPAA Compliance with Compliancy Group (GlobeNewswire News Room) StrikeForce Technologies, Inc. (OTCQB: SFOR), a cyber security company that provides next-gen cyber, data...
SecureAuth Launches Arculix for Next-Generation Passwordless Authentication and Identity Orchestration (SecureAuth) SecureAuth Launches Arculix for Next Generation Passwordless Authentication and Identity Orchestration
PQShield collaborates with Microchip Technology to address quantum threat (Help Net Security) PQShield has delivered new deals to introduce its quantum-ready cryptographic solutions to organizations across sectors.
ESET Launches NetProtect Suite of Advanced Cybersecurity Offerings for Telcos and ISPs (Dark Reading) ESET, a global leader in cybersecurity, has announced a new suite of products for the Telecommunications and Internet Service Provider (Telco and ISP) industry, with the aim of offering extensive protection to consumers. Cybercrime is a borderless problem and ESET telemetry shows that the volume of cyberattacks is increasing, with a trend toward attacks against smartphones.
LookingGlass Cyber Unveils Innovative Intelligent Attack Surface Management Suite to Anticipate Threats and Prevent Attacks (GlobeNewswire News Room) Integrated product line provides tailored and contextualized insights into vulnerabilities and exposures to help organizations reduce and respond faster to...
Help Organizations to Mitigate Risk in Microsoft 365 with 'Vectra Protect' (PR Newswire) Vectra AI, a leader in AI-driven threat detection and response for hybrid and multi-cloud enterprises, today announced the launch of Vectra...
NetSPI's New Breach and Attack Simulation Enhancements Help Organizations Achieve Behavior-Based Threat Detection (PR Newswire) NetSPI, the leader in penetration testing and attack surface management, today announced new Breach and Attack Simulation (BAS) enhancements to...
SecurityScorecard Expands Platform, Services and Education to Help Customers Strengthen Their Security Posture from Visualization to Remediation of Threats (PR Newswire) SecurityScorecard, the global leader in cybersecurity ratings, today unveiled key enhancements to the industry's first holistic risk...
The 3 Biggest DDoS Attacks Imperva Has Mitigated (Imperva) Imperva has just released the DDoS Threat Landscape Report Q1 2022. Download it now to familiarize yourself with new threats and get detailed information about current DDoS attack patterns and their potential impact on your business. So far, 2022 has been a brutal year for DDoS attacks and we see the attack landscape becoming more […]
Bureau Veritas Certifies METIS Cyberspace Technology SA on Cyber Resilience (Hellenic Shipping News) Bureau Veritas (BV), a world leader in testing, inspection and certification, has awarded type approval certification (TAC) to an IoT solution offered by METIS Cyberspace Technology SA: ‘METIS IoT SYSTEM’. This solution is a combination of two services, ‘METIS SHIP CONNECT’ & ‘METIS SPACE’. It offers data acquisition and analysis through a highly sophisticated AI-based ...
5 top deception tools and how they ensnare attackers (CSO Online) Deception tools have come a long way in a few years and can now more closely emulate real network activity and help security teams identify and stop attacks.
Technologies, Techniques, and Standards
The Risks of Managing a Purchased Cyber Arsenal (Council on Foreign Relations) Exploit brokers have become a popular way for governments to acquire zero-days. However, the nature of the exploit market can complicate governments' decision-making processes on how to use these new…
Naming Adversaries And Why It Matters To Your Security Team (CrowdStrike) We dive into the world of adversaries to understand why attribution and an adversary-focused approach to cybersecurity is crucial to defending against cyberattacks.
Aligning Your Password Policy enforcement with NIST Guidelines (BleepingComputer) Although most organizations are not required by law to comply with NIST standards, it is usually in an organization's best interest to follow NIST's cybersecurity standards. This is especially true for NIST's password guidelines.
How to Keep Your Enterprise Safe From Digital Supply Chain Attacks (Dark Reading) Digital supply chains are more vulnerable than ever; here's what you need to do to secure them.
Zero-trust-washing: Why zero trust architecture is the framework to follow (Help Net Security) Zero trust architecture is a framework that requires an organization to take steps depending on the priorities of the business.
Identifying, managing ‘privileges’ key to protect office networks: CyberArk (HinduBusinessline) Employees can wittingly or unwittingly sneak malware into organisations
Design and Innovation
The Underground Company That Hacks iPhones for Ordinary Consumers (Vice) Researchers suspect the checkm8.info service is used by criminals to launder stolen iPhones. The tool's administrator claims the service is just a response to Apple's poor right to repair policies.
Can Behavioral Biometrics Change the Future of Cybersecurity? (CPO Magazine) Incidents such as the loss of millions of dollars through cyber identity theft at Microsoft Exchange have captured our attention throughout the pandemic. Did you know the overall rate of cybercrime has increased by 600%?
Research and Development
Tension Inside Google Over a Fired AI Researcher’s Conduct (Wired) Google employees claim a senior researcher fired earlier this year sought to undermine two more junior AI researchers by suggesting their results were wrong or even falsified.
Academia
Deloitte partners with universities and TAFE NSW for Cyber Academy launch (ARN) Deloitte has partnered up with the University of Wollongong (UOW), TAFE NSW and Swinburne University of Technology to create the Cyber Academy.
Deloitte Teams With Indian Institute of Technology, Roorkee to Build the Next Generation AI Talent (PR Newswire) Deloitte today announced a strategic collaboration with IIT Roorkee to deliver rigorous, immersive programs in artificial intelligence (AI) and...
Georgia leads nation in CyberStart efforts (University of North Georgia) With almost 6,400 high school students competing in the CyberStart America game, Georgia led the nation in participants.
Local teacher has plans for cyber security classes for students (WRDW) A local Army veteran and teacher wants to bring his cyber security experience to students across our area. He sat down with us and shared his plan to do just that.
Legislation, Policy, and Regulation
Can I talk to a human? Spain presents customer service bill (AP NEWS) Tired of speaking to a machine when you call the bank or power company? Spain’s government wants to end those nerve-shattering, one-sided conversations with a computerized answering service by making it obligatory for companies to offer a real, flesh-and-blood customer service worker when so requested by a caller.
U.S. government proposals spell out 5G security advancements (CSO Online) A joint proposal from federal cybersecurity and defense agencies defines a process for ensuring the security of 5G networks.
Why Commerce Went Against Microsoft on Rule to Control Cyber Exploits (Nextgov.com) The rule aims to prevent certain countries—most notably China—from receiving U.S. exports that could advance their intrusion and surveillance technology.
Cybersecurity needs a whole-of-society effort (The Hill) To the surprise of many, Russia has not launched large-scale cyber attacks against the United States or its NATO allies since invading Ukraine on Feb. 24. But as Western sanctions begin to bi…
U.S. Department of Homeland Security and Ransomware: The Research Findings (MSSP Alert) A report -- Use of Cryptocurrency in Ransomware Attacks, Available Data and National Security Concerns -- outlines 11 cybersecurity recommendations.
Seven years in the making, DHS's new cyber talent system boasts just one hire (FCW) Officials at the Department of Homeland Security say that change management efforts will help scale the Cybersecurity Talent Management System
FCC's 'Rip And Replace' Program Sees $5.6B In Requests (Law360) The Federal Communications Commission has fielded more than $5.6 billion in total requests for money to "rip and replace" network equipment manufactured in China, far more than Congress envisioned when it set aside funds for the program, the FCC said.
Calif. Privacy Agency Unveils Long-Awaited Draft Regulations (Law360) California's new privacy regulator has issued the first draft of highly anticipated regulations for a revamped consumer privacy law that's set to take effect in January, proposing that companies be required to honor browser privacy signals while leaving several other topics unaddressed.
Senate Confirms New Cyber Command Deputy (MeriTalk) The Senate on May 26 voted to confirm a pair of Biden administration nominees for top-level military cybersecurity posts.
Litigation, Investigation, and Law Enforcement
Cyber Agency: Voting Software Vulnerable in Some States (SecurityWeek) A CISA advisory, details nine vulnerabilities in Dominion Voting Systems’ equipment and suggests protective measures to prevent or detect their exploitation.
There's no evidence of Georgia election hacks but still plenty to worry about (Washington Post) Dominion's voting machines have vulnerabilities, but there's no evidence they were hacked in Georgia
Supreme Court Gives Tech Industry Reprieve From Texas Social-Media Law (Wall Street Journal) The justices blocked Texas from immediately enforcing the new law that aims to prohibit large social-media platforms from suppressing users’ posts based on the content of their speech.
High Court Halts Texas Law Targeting Social Media Platforms (Bloomberg Law) A divided US Supreme Court blocked a Texas law that critics say would fundamentally transform Twitter Inc. and Meta Platforms Inc.’s Facebook by requiring them to allow hate speech and extremism.
New campaign highlights digital extortion threats and how to keep safe (Interpol) Be vigilant or #YouMayBeNext
Michael Sussmann acquitted in win for Hillary Clinton, Trump doubles down (Newsweek) "Our Country is going to HELL, and Michael Sussmann is not guilty. How's everything else doing?" Trump wrote in a rant on social media.
Special counsel loses first trial of Trump probe; Sussmann acquitted (Washington Post) ‘Politics were not a factor,’ the jury forewoman said after Michael Sussmann was cleared of lying to the FBI during the 2016 election
Seventh Member of International Cyber Fraud Ring Sentenced to Prison (SecurityWeek) The US Department of Justice has announced the sentencing of John Telusma, a former member of the international cybercrime enterprise known as the “Infraud Organization.”
Three Nigerian Users of Agent Tesla RAT Arrested (SecurityWeek) Interpol has announced the arrest of three Nigerians accused of using the Agent Tesla malware to redirect financial transactions and steal data.
Workers overpaid during cyberattack told they have to pay employers back (WSOC TV) “I believe there were other measures that could have been taken before coming directly back to us as the employees."
New York couple accused of laundering $4.5 bln in crypto still in plea talks (Reuters) A New York couple accused of laundering $4.5 billion in cryptocurrency tied to the 2016 hack of digital currency exchange Bitfinex are still negotiating a possible plea deal while reviewing more than 1.1 gigabytes of evidence in the case, prosecutors said.
India probes finances at ZTE and Vivo, irking China (Register) Clever asymmetrical economic warfare makes Beijing very uncomfortable
