Dateline
Ukraine at D+103: Intense fighting in the Donbas, and norms of cyber conflict. (The CyberWire) Intense fighting in the Donbas sees both sides hard-pressed, as Ukraine seeks to regain lost ground and Russia works for a clear tactical victory. Essays consider offensive cyber operations and the norms of armed conflict. Sanctions seen through Moscow's looking glass.
Ukraine morning briefing: Fierce street fighting rages in key city of Severodonetsk (The Telegraph) Plus: Russia turns over bodies of slain Azovstal fighters and the Kremlin's forces continue advance towards Sloviansk
Fighting rages in fierce battle for Ukraine's east (Reuters) Street fighting between Ukrainian and Russian troops raged in the battle for the industrial city of Sievierodonetsk as Moscow's forces pushed to conquer Ukraine's eastern Donbas, seeking a decisive win more than 100 days into the invasion.
Russia is trying to ‘wipe Severodonetsk off the face of the earth’ (The Telegraph) Ukraine warns that the Kremlin is attempting to leave Ukrainian fighters with nothing to defend as it razes eastern cities
What Happened on Day 103 of the War in Ukraine (New York Times) Soldiers desperate for advanced arms to match those of Russian forces have resorted to Google Translate to decipher the instructions for their new tools. The U.S. issued seizure warrants for two planes owned by a billionaire tied to Putin.
Exhausted Russian fighters complain of conditions in eastern Ukraine (the Guardian) Long deployments and a lack of training, support, food and equipment all affecting morale as war drags on
Ukraine’s position has ‘worsened’ in fight for Severodonetsk (Washington Post) Russia escalated its assault against Ukraine on the battlefield Monday, pummeling a city that has emerged as a key battleground in the east as Moscow expanded sanctions against those who have condemned its actions during the war.
Potent Weapons Reach Ukraine Faster Than the Know-How to Use Them (New York Times) Soldiers desperate for advanced arms to match their Russian enemies have resorted to Google Translate to decipher the instructions for their sophisticated new tools.
Battered by Russian Shells, a Monastery Remains Loyal to Moscow (New York Times) The monks and nuns cloistered in a monastery complex in eastern Ukraine absorb daily bombardments from Russian artillery. And yet they remain loyal to the Russian Orthodox Church.
Guerrilla Attacks Signal Rising Resistance to Russian Occupation (New York Times) Fueled by brutal Russian repression and worsening humanitarian conditions, Ukrainian partisans appear to be striking deep inside Russian-controlled territory.
Civilians on Ukraine’s Front Lines Face Food and Water Shortages and Worse—Lack of Medication (Foreign Policy) The battle for the Donbas could well be the deadliest phase of the war.
AP Exclusive: Russia begins returning bodies from steel mill (AP NEWS) Dozens of Ukrainian fighters killed at the Azovstal steelworks have been returned to Ukraine by the Russian occupiers of the fortress-like plant in the destroyed city of Mariupol , where their last-ditch stand became a symbol of resistance against Moscow’s invasion .
Who are the Chechens, Russia's most feared fighters? (Task & Purpose) "They certainly are effective at terrorizing populations."
An ex-member of one of the world's most dangerous mercenary groups has gone public (NPR) The Wagner Group, known as "Putin's shadow army," has come to the world's attention because of the Ukraine war. Marat Gabidullin, who left Wagner after fighting in Syria, has written a book about it.
More than three-quarters of Russians still support Putin’s Ukraine War (Atlantic Council) The latest polling data from Russia indicates that public support for the invasion of Ukraine remains strong despite higher than expected Russian casualties and widespread accusations of war crimes.
Russia has not abandoned its goal of crushing Ukrainian statehood (Atlantic Council) Ukraine has achieved a number of striking successes during the first phase of the Russian invasion but there is no room for complacency as Vladimir Putin's goal of crushing Ukrainian statehood remains unchanged.
It's time to show Putin a dead end in Ukraine, not an off-ramp (Atlantic Council) The West needs to pursue a Ukrainian victory, and offering Putin an off-ramp instead would be a big mistake.
Former NATO Chief: We ‘Overestimated’ Russia’s Military (Foreign Policy) Anders Fogh Rasmussen speaks to FP about Russian President Vladimir Putin’s war in Ukraine, the future of NATO, and more.
What If Ukraine Wins? (Foreign Affairs) Victory in the war would not end the conflict with Russia.
Why China Threads the Needle on Ukraine (Foreign Policy) Beijing is confident in the United States’ decline and unwilling to rock the boat.
How to Prepare for the Next Ukraine (Foreign Affairs) Washington must ramp up support for vulnerable partners—before it’s too late.
Russia-Ukraine latest news: Shelling kills one and injures three in Kharkiv (The Telegraph) A Russian strike on Ukraine's second city Kharkiv has killed one person and wounded three more, local mayor Ihor Terekhov said on television.
Milley equates ‘horrors’ in Ukraine with suffering during World War II (Washington Post) Speaking on the anniversary of D-Day, the top Pentagon general drew a direct comparison between Russia’s invasion of its neighbor and a conflict fought on the beaches of Normandy decades ago
Bond between Americans and Ukrainian forces they trained remains strong as war grinds on (CNN) The war in Ukraine became real for Col. Robert Swertfager on day one.
US Army veteran volunteers to train and fight with Ukrainians: 'These people inspire me every day' (Fox News) A U.S. Army veteran of the Iraq War has traveled to Ukraine to help train their forces in first aid and basic tactics in the country's ongoing war with Russia.
Russia ready to cooperate with all states in cyber domain (UNI India) Moscow, June 6 (UNI/Sputnik) Moscow is ready to work out international legal agreements with countries worldwide that will soberly assess the threat of cyber warfare, a senior Russian international information security official said on Monday.
The Russia–Ukraine War: Ukraine’s resistance in the face of hybrid warfare (Observer Research Foundation) Both the Ukrainian and Russian control and command systems are under heavy cyberattacks as an intense digital war ensues within the folds of the Ukrainian conflict.
Ukraine Symposium - U.S. Offensive Cyber Operations in Support of Ukraine (Lieber Institute: Articles of War) Last Wednesday, General Paul Nakasone, Commander of United States Cyber Command and Director of the National Security Agency, opened the NATO Cooperative Cyber Defense Centre of Excellence’s annual CyCon Conference. In his address, General Nakasone discussed the “defend forward” and “persistent engagement” operational concepts set forth, inter alia, in Cyber Command’s 2018 vision statement, Achieve and Maintain Cyberspace Superiority (see my thoughts on the concepts here and here).
Ukrainian officials' phones targeted by hackers -cyber watchdog (Reuters) The phones of Ukrainian officials have been targeted by hackers as Russia pursues its invasion of Ukraine, a senior cybersecurity official said Monday.
Major DDoS attacks increasing after invasion of Ukraine (SearchSecurity) The amount of DDoS attacks grew rapidly in the first quarter of 2022 amid Russia's invasion of Ukraine, but other countries are also experiencing disruption.
Moscow Threatens Reprisals for U.S. Correspondents – Reports (The Moscow Times) “If they don’t normalize the work of Russian media on U.S. territory, there will be forceful measures as a consequence.”
Ukraine Latest: Russia Bans Americans Including Yellen, Fink (Bloomberg) Ukraine is in talks with the United Nations on ways to export grain from ports blocked by Russia’s military, President Volodymyr Zelenskiy said, but Kyiv remains skeptical toward a tentative deal between Turkey and Moscow to restart shipments.
Russia sanctions U.S. Treasury and energy secretaries, defence and media executives (Reuters) Russia has imposed personal sanctions on 61 U.S. officials including Treasury Secretary Janet Yellen and Energy Secretary Jennifer Granholm and leading defence and media executives, the Russian foreign ministry said on Monday.
Google's Russian Empire Faces an Uncertain Future (Wired) After filing for bankruptcy, Google could withdraw from Russia or antagonize the country's regulators from overseas.
Russia storms out of UN after being accused of using food blockade as 'stealth missile' (The Telegraph) Vassily Nebenzia walks out of Security Council meeting after Charles Michel accuses Russia of 'pushing people into poverty'
Putin: Europe's 'Stupid, Short-Sighted' Policies Provoked Energy, Food Crises (Sputnik International) Officials in Brussels have repeatedly blamed Moscow for spiraling energy and food costs, while simultaneously freezing joint Russian-European energy projects and rejecting Russian gas and oil deliveries. On Friday, the EU formally approved...
U.S. Files Warrant to Seize Two Planes Owned by Russian Oligarch Roman Abramovich (Wall Street Journal) Prosecutors say owner of U.S.-made planes breached U.S. sanctions by flying into Russia; it is first U.S. action against high-profile Russian oligarch.
United States Obtains Warrant For Seizure Of Two Airplanes Of Russian Oligarch Roman Abramovich Worth Over $400 Million (US Attorney for the Southern District of New York) Damian Williams, the United States Attorney for the Southern District of New York, Andrew C. Adams, Task Force KleptoCapture Director, Michael J. Driscoll, the Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (“FBI”), and Matthew S. Axelrod, Assistant Secretary of Commerce for Export Enforcement, announced today that the United States of America has been authorized to seize a Boeing 787-8 aircraft and a Gulfstream G650ER aircraft owned and/or controlled by Russian oligarch Roman Abramovich, pursuant to a seizure warrant from the U.S. District Court for the Southern District of New York, which found that the airplanes are subject to seizure and forfeiture based on probable cause of violations of the Export Control Reform Act (“ECRA”) and the recent sanctions issued against Russia.
United States Obtains Warrant for Seizure of Two Airplanes of Russian Oligarch Roman Abramovich Worth Over $400 Million (US Department of Justice) The United States of America has been authorized to seize a Boeing 787-8 aircraft and a Gulfstream G650ER aircraft owned and controlled by Russian oligarch Roman Abramovich, pursuant to a seizure warrant from the U.S. District Court for the Southern District of New York, which found that the airplanes are subject to seizure and forfeiture based on probable cause of violations of the Export Control Reform Act (ECRA) and the recent sanctions issued against Russia.
Attacks, Threats, and Vulnerabilities
LockBit 2.0 gang claims Mandiant as latest victim; Mandiant sees no evidence of it (CyberScoop) Mandiant said Monday it has no "evidence to support" the ransomware group's claims, but will monitor the situation.
Mandiant: “No evidence” we were hacked by LockBit ransomware (BleepingComputer) American cybersecurity firm Mandiant is investigating LockBit ransomware gang's claims that they hacked the company's network and stole data.
Ransomware gangs now give victims time to save their reputation (BleepingComputer) Threat analysts have observed an unusual trend in ransomware group tactics, reporting that initial phases of victim extortion are becoming less open to the public as the actors tend to use hidden or anonymous entries.
Ransomware Victims and Network Access Sales in Q1 2022 (KELA) In Q1 2022, ransomware gangs maintained their status as a major and central threat. They collaborated with various cybercriminals, such as initial access brokers (IABs), and aimed to conduct attacks against corporations worldwide. The following insights are drawn from KELA’s monitoring of ransomware gangs and initial access brokers’ activity in Q1...
Ransomware attacks have dropped. And gangs are attacking each other's victims (ZDNet) Research indicates victim numbers are dropping but the finance sector is experiencing more than its fair share of attacks.
FBI warning: This gang steals data for ransom, then makes harassing phone calls to pile on the pressure (ZDNet) FBI, CISA and others issue warning over Karakurt Team, which steals data, demands ransom in Bitcoin for not publishing it.
Ransomware's ROI Retreat Will Drive More BEC Attacks (Dark Reading) Crackdowns are driving down ransomware profits, and analysts see signs that operators are pivoting to business email compromise attacks, security researcher warned.
The Hacker Gold Rush That's Poised to Eclipse Ransomware (Wired) As governments crack down on ransomware, cybercriminals may soon shift to business email compromise—already the world's most profitable type of scam.
Cybereason Ransomware True Cost to Business Study Reveals Organizations Pay Multiple Ransom Demands (Cybereason) Cybereason, the XDR company, today published results of their second annual ransomware study during a year of unprecedented attacks to better understand the true impact on businesses.
Average Ransom Payment Up 71% This Year, Approaches $1 Million (Palo Alto Networks Blog) The average ransom payment in cases worked by Unit 42 incident responders rose to $925,162 during the first five months of 2022.
What we can learn from the leaked Conti ransomware group chats (SecurityBrief Australia) In February, Russia-based ransomware group Conti declared it would fully support the Russian Government during its invasion of Ukraine.
Bumblebee Loader Linked to Conti and Used In Quantum Locker Attacks (Kroll) Kroll has recently observed a new malware strain called “Bumblebee” operating as a loader, delivered via phishing email, in order to deploy additional payloads for use in ransomware operations. Read more.
State-Backed Hacker Believed to Be Behind Follina Attacks on EU and US (Infosecurity Magazine) An unnamed state actor is behind a phishing campaign targeting European and local US government entities
Critical U-Boot Vulnerability Allows Rooting of Embedded Systems (SecurityWeek) A critical vulnerability in the U-Boot boot loader could be exploited to write arbitrary data, which can allow an attacker to root Linux-based embedded systems
Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices (The Hacker News) Two unpatched security vulnerabilities have been disclosed in the open-source U-Boot bootloader used by Linux-based embedded systems.
Windows zero-day exploited in US local govt phishing attacks (BleepingComputer) European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format (RTF) documents designed to exploit a critical Windows zero-day vulnerability known as Follina.
10 Most Prolific Banking Trojans Targeting Hundreds of Financial Apps with Over a Billion Users (The Hacker News) 10 of the most prolific banking Trojans targeting a wide range of applications available on the Google Play Store and used by over a billion people.
Cybercriminals continue to prey on Malaysian job-seekers - Kaspersky explains why (Digital News Asia) Job scams have been around for a long time, Kaspersky said, however, it is getting extra attention lately as Malaysians report receiving way more job invitations through text messages than ever before.
Are You Ready for a Breach in Your Organization's Slack Workspace? (Dark Reading) A single compromised Slack account can easily be leveraged to deceive other users and gain additional access to other users and multiple Slack channels.
Microsoft bug banned Rewards accounts when redeeming points (BleepingComputer) Microsoft has fixed a bug where the Microsoft Rewards accounts of customers who redeemed points would get suspended without warning.
Apple Blocked 1.6 Million Risky, Vulnerable Apps in 2021 (SecurityWeek) Apple’s App Store prevented more than 1.6 million risky applications and app updates from defrauding users.
Novartis hit by cyberattack but says no sensitive data were compromised: report (Fierce Pharma) No one is immune from cyberattacks—not even pharmaceutical giants like Novartis.
Italian city of Palermo shuts down all systems to fend off cyberattack (BleepingComputer) The municipality of Palermo in Southern Italy suffered a cyberattack on Friday, which appears to have had a massive impact on a broad range of operations and services to both citizens and visiting tourists.
Sensitive Student Data From US Campus App Exposed (SafetyDetectives) Led by Anurag Sen, the SafetyDetectives cybersecurity team identified a data exposure affecting the US payment software provider Transact Campus.
According to t
Personal Information of Over 30,000 Students Exposed in Unprotected Database (SecurityWeek) Security researchers found an unprotected Elasticsearch server containing over 1 million records representing the personal information of tens of thousands of students.
Illuminate Education data breach now reported in Los Angeles schools, too (K-12 Dive) Three of the nation’s largest school districts have been recently hit by data breaches tied to ed tech vendors.
Texas Gulf Bank Confirms Data Breach Stemming from Unauthorized Access to Employee Email Accounts (JD Supra) Recently, Texas Gulf Bank (“TGB”) confirmed that the company experienced a data breach after an unauthorized party gained access to two employee email...
Fintech Company Lower LLC Issues Notice of Data Breach (JD Supra) Recently, Lower LLC confirmed a data breach after an unauthorized party gained access to the company’s computer network and removed certain files...
Somerset County Emails Back Online After Cyber Attack (Bridgewater, NJ Patch) After a cybersecurity breach infiltrated Somerset County almost 2 weeks ago, email is now back online yet some services are still down.
Labour Members Left in Dark Over Data Breach (Byline Times) Max Colbert reveals a lack of transparency from the party over a significant ransomware attack last year
Bulletin (SB22-157) Vulnerability Summary for the Week of May 30, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.
Security Patches, Mitigations, and Software Updates
Microsoft won’t say if it will patch critical Windows vulnerability under exploit (Ars Technica) Slow to act on the code execution bug from the start, company is still in no hurry.
Critical Account Takeover Vulnerability Patched in GitLab Enterprise Edition (SecurityWeek) DevOps platform GitLab has announced security updates that resolve multiple vulnerabilities, including a critical-severity bug leading to account takeover.
Trends
NTT Security Holdings Releases its 2022 Global Threat Intelligence Report (GlobeNewswire News Room) Report contains global attack data collected and analyzed from January 1, 2021, to December...
Proofpoint’s annual human factor report reveals how 2021 became the year cyber criminals got creative (ACE Times) Cyber criminals pivoted to unconventional people-focused attack methods last year, including 100,000 daily smartphone attacks and double the amount of smishing attempts year-over-year
Netacea | Bot attacks go undiscovered for average of 16 weeks (RealWire) New Netacea research shows businesses are leaving attacks unchallenged for almost four months.
Safe-T Group’s CyberKick Releases its First Periodic Cyber Threat Report (GlobeNewswire News Room) New Report Highlights Several Social Engineering Attacks and Provides Recommendations to Help Users Avoid Online Scams HERZLIYA, Israel, June 06,...
Cloud Security Alliance’s Top Threats to Cloud | CSA (CSA) Study reveals shift in cloud security focus from information security to configuration and authentication
Too Fast and Too Frivolous - Cyber Attacks Speed Ahead By 15x, While Companies Stall In Addressing Vulnerabilities According to SecurityScorecard Research (StreetInsider.com)
Only 10% of vulnerabilities remediated each month; Only 60% of companies improving security postures; Nearly a quarter facing more than 1,000 vulnerabilities according to global study with The Cyentia Institute...
CyberRes Galaxy Annual Report (Galaxy Threat Research Program) The year 2021 smashed all records...
Cyber criminals ‘smell’ opportunities to exploit new ecosystems (ITWeb) KnowBe4 Africa’s Anna Collard details how scammers are already looking to take advantage of the metaverse ecosystem.
Marketplace
RSA Conference 2022 Kicks Off in San Francisco (PR Newswire) RSA Conference, the world's leading information security conferences and expositions, opens its annual event today in San Francisco. Taking...
Cybersecurity M&A Activity Shows No Signs of Slowdown (Dark Reading) But valuations have dropped — and investors are paying closer attention to revenues and profitability, industry analysts say.
Cybersecurity M&A Roundup: 36 Deals Announced in May 2022 (SecurityWeek) Thirty-six cybersecurity-related merger and acquisition (M&A) deals were announced in May 2022.
Cyderes: The New Powerhouse in Managed Cybersecurity (PR Newswire) Robert Herjavec, star of ABC's Emmy award-winning show Shark Tank and former CEO of #1 ranked MSSP Herjavec Group, announces Cyderes, the newly formed...
IBM Tackles Growing Attack Surface Risks with Plans to Acquire Randori (IBM Newsroom) IBM at RSAC 2022 announced it plans to acquire Randori, a leading attack surface management (ASM) and offensive cybersecurity provider based in the Boston area.
Tenable Completes Acquisition of Bit Discovery and Announces Tenable.asm for External Attack Surface Management (Tenable®) Foundational discovery functionality will also be integrated into existing solutions to help organizations understand their full digital footprint
Insight Enterprises Acquires Microsoft Partner Hanu Software Solutions - ChannelE2E: Technology News for MSPs & Channel Partners (ChannelE2E: Technology News for MSPs & Channel Partners) Global systems integrator Insight Enterprises has acquired Microsoft Partner Hanu Software Solutions to expand its global footprint.
Opal secures $10M for dynamic access management (TechCrunch) Opal, a startup taking an automated approach to access management, has raised $10 million to expand its reach in the enterprise.
CybSafe Raises $28M Series B Funding Round as It Eyes Up Global Leadership (Business Wire) CybSafe raises $28M Series B funding round as it eyes up global leadership; round was led by Evolution Equity Partners
Threat Awareness Firm HackNotice Raises $7 Million (SecurityWeek) Cybersecurity startup HackNotice has raised $7 million in a Series A funding round led by Strategic Cyber Ventures and Lytical Ventures
Reco looks to address data leaks with its $30 million Series A funding round (VatorNews) Funding will be used to improve the product plus help with go-to-market efforts.
Winston-Salem cybersecurity startup Salem Cyber raises $250,000 in seed funding with plans to hire (Triad Inno) Salem Cyber, a Winston-Salem cybersecurity startup, has raised $250,000 in seed funding with plans to hire to expand its capabilities.
Booz Allen Awarded First-Ever NASA Cybersecurity and Privacy Enterprise Solutions and Services (CyPrESS) Contract (Business Wire) Booz Allen was awarded the NASA Cybersecurity and Privacy Enterprise Solutions and Services (CyPrESS) contract.
Palo Alto Networks Reinforces the Need for a New Zero Trust Approach Through Latest Campaign (PR Newswire) In an effort to bring everyday cyber risks to the forefront of public awareness, Palo Alto Networks, the global cybersecurity leader, launched...
Cobalt Marks Start of 2022 with New CEO, Continued Momentum for PtaaS (PRWeb) Cobalt, the leading Pentest as a Service (PtaaS) company, today announced the milestones it achieved in the first half of 2022, including the addition of new C
Chris Krebs Joins Cybersecurity Firm as CISO Advisory Board Chair (GovTech) Former CISA director Chris Krebs has joined data security firm Rubrik, where he’ll help the firm better understand unmet cybersecurity needs across different sectors. The company homes in on data resiliency and recovery.
Dimension Data appoints Alan Turnley-Jones CEO for its Middle East and Africa Business (TechTrendsKE) Dimension Data has announced the appointment of Alan Turnley-Jones as Chief Executive Officer (CEO) for the Middle East and Africa (MEA)
Synack expands executive team, adds top cybersecurity talent as business surges (PR Newswire) Synack, the premier on-demand security platform for continuous penetration testing and vulnerability management, is expanding its executive...
Products, Services, and Solutions
Announcing 2022 Microsoft Security Excellence Awards winners (Microsoft Security) Spirits soared at the Microsoft Security Excellence Awards on June 5, 2022. And is it any wonder? The celebration marked the first time that Microsoft executives and Microsoft Intelligent Security Association (MISA) members had gathered in person in more than two years so it was a special night for many reasons!
Egnyte Wins 2022 Global InfoSec Awards in Data Governance and Data Security (Egnyte) Egnyte, a leader in cloud content security and governance, today announced that it has been recognized by Cyber Defense Magazine (CDM), the industry’s leading information security magazine, in the 2022 Global InfoSec Awards for the following categories: “Publisher’s Choice - Data Governance” and “Publisher’s Choice - Data Security.”
Skybox Security Named Market Leader in Risk-based Vulnerability Management by Global InfoSec Awards at RSA 2022 (Business Wire) Skybox Security, a global leader in Security Posture Management, is proud to announce we have won the following awards from Cyber Def
Versa SASE Wins Coveted Global InfoSec Award during RSA Conference 2022 for Best Network Security and Management (Yahoo Finance) Versa Networks, the recognized secure access service edge (SASE) leader, today announced that its industry-leading Versa SASE has won a 2022 Global InfoSec Award at the RSA Conference 2022 from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine. Versa SASE was named the "Best Solution – Network Security and Management." Its industry-leading SASE capabilities are being demonstrated in Versa’s booth No. 4227 in Moscone
Trustwave Named Winner of the Coveted Global InfoSec Awards for Best Solution Cloud MDR Provider and Best Solution Global MDR Service Provider (Trustwave) Trustwave takes home awards for Best Solution Cloud MDR Provider and Best Solution Global MDR Service Provider in the 10th Annual Global InfoSec Awards at RSAC 2022.
Graylog Named Winner of the Coveted Global InfoSec Awards During RSA Conference 2022 (Business Wire) Graylog is designed to provide increased visibility into activity occurring within business-critical infrastructure, systems, and applications.
Syxsense Secure Wins Global InfoSec Award for Most Comprehensive Endpoint Security Solution at RSA Conference 2022 (Bakersfield) Syxsense, a global leader in IT and security management solutions, today announced that Syxsense Secure has won the Global InfoSec Award for Most Comprehensive Endpoint Security Solution at the RSA Conference 2022. The Global InfoSec Awards, presented by Cyber Defense Magazine (CDM), honor leading infosec companies and products from around the globe. Judges are CISSP, FMDHS, CEH, certified security professionals that voted based on their independent review of company submitted materials.
Astrix Security Named Winner of the Coveted Global InfoSec Awards during RSA Conference 2022 (KLTV) Astrix Security Wins Editor's Choice Award in 10th Annual Global InfoSec Awards at #RSAC 2022
NetSPI Named "Most Innovative in Penetration Testing" in the Global InfoSec Awards (PR Newswire) NetSPI, the leader in enterprise penetration testing and attack surface management, was awarded "Most Innovative in Penetration Testing" from...
Votiro Named Winner In 2022 CDM Global InfoSec Awards (Business Wire) Votiro today announced it has been named Publisher's Choice in the CDR category by the 2022 Cyber Defense Magazine (CDM) Global Infosec Awards.
GrammaTech CodeSentry Named Editor's Choice Winner for Software Supply Chain Security in Global InfoSec Awards at RSA Conference 2022 (Business Wire) Award illustrates the importance of a software bill of materials in preventing software supply chain attacks and unique capabilities of CodeSentry
ReversingLabs Named Winner of Coveted Global InfoSec Award During RSA Conference 2022 (GlobeNewswire News Room) ReversingLabs Wins Best Product, Application Security in 10th Annual Global InfoSec Awards at #RSAC 2022...
Cervello Named "Best Solution in Railway Cybersecurity" at the 2022 Global InfoSec Awards (PR Newswire) Cervello Ltd., the leading rail cybersecurity company, proudly announces its fourth consecutive win at the Annual Global InfoSec Awards as...
Radiant Logic Wins “Most Innovative Identity & Access Management Company” and “Hot Company: Identity Data” at RSA Conference 2022 (Business Wire) Radiant Logic announces wins in two Global InfoSec Award categories, including
Bishop Fox Wins Three Coveted Global InfoSec Awards from Cyber Defense Magazine (GlobeNewswire News Room) Bishop Fox Named Hot Company in Attack Surface Management, Winner of Most Comprehensive DevSecOps Solution, and Winner of Most Comprehensive Penetration...
IDX Wins Big at Global InfoSec Awards During RSA Conference 2022 (PR Newswire) IDX, a leading privacy platform and data breach response provider, has been recognized at this year's Global InfoSec Awards as the winners of...
Mandiant Digital Risk Protection Delivers Extensive Visibility into Vulnerabilities, Empowering Organizations to Proactively Defend Against Emerging Threats (Mandiant) Mandiant announces the launch of its digital risk protection solution
Arctic Wolf Extends Market Leadership with New Offerings to Uniquely Support Customers’ Business Resilience and Insurability (Business Wire) Arctic Wolf®, a leader in security operations, today announced the release of enhanced tools and programs advancing Tetra Defense’s MyCyber platform,
Fortanix Launches the Industry’s First Web 3.0-era Solutions Based on Confidential Computing to Secure Sensitive Digital Assets (Fortanix) New suite integrated within Fortanix Data Security Manager adopts a 360-degree platform approach and FIPS 140-2 Level 3 certification to deliver unprecedented digital security for decentralized finance
Absolute Software Announces New Partnerships with Leading ISVs Leveraging Absolute Application Persistence-as-a-Service (Absolute) Absolute is the leading visibility and control platform that gives you tamper-proof protection for all of your devices, data and applications. With the Absolute Platform, you get the power of asset intelligence, continuous compliance and endpoint hygiene.
Optiv Launches Cyber Recovery Solution Focused on Protection and Rapid Recovery (Dark Reading) CMS helps minimize the impact a cyberattack has on business operations, finances and reputation.
Cyber Recovery Solution (CRS) Is More Than Business Continuity (Optiv) Cyberattacks happen. Optiv CRS can help you get back to business.
Qualys VMDR 2.0 with TruRisk: Taking vulnerability management to the next level (Help Net Security) In this interview, Mehul Revankar, VP of Product Management & Engineering for VMDR at Qualys, talks about Qualys VMDR 2.0 with TruRisk.
Skyhigh Security rolls out new features for securing enterprise applications (SiliconANGLE) Skyhigh Security rolls out new features for securing enterprise applications - SiliconANGLE
DISA Selects Forcepoint Federal to Install Monitoring Software Under $89M Contract; Sean Berg Quoted - ExecutiveBiz (ExecutiveBiz) Looking for the latest Government Contracting News? Check out our story: DISA Selects Forcepoint Federal to Install Monitoring Software Under $89M Contract;
Trulioo Accelerates Product Innovation to Safeguard Global Businesses (financialpost) Major platform update provides enhanced proof of address and anti-money laundering offerings to support customers in navigating complex regulatory landscapes
Deepfence and Lightstream Partner to Deliver Comprehensive Runtime Security for Enterprises Globally (Business Wire) Deepfence, a pioneer in the emerging security observability and protection space, today announced a strategic partnership with Lightstream, a managed
Noetic Cyber Delivers Platform Update to Bring Data Science into Cyber Asset Management (PR Newswire) Noetic Cyber, an innovator in Cybersecurity Asset Attack Surface Management (CAASM), today announced the availability of a new version of its...
HackerOne OpenASM enables customers to leverage scan data from multiple vendors (Help Net Security) HackerOne announced OpenASM, an initiative that combines scan data from customers’ ASM tools with security testing efforts.
SimSpace Unveils Expanded Open Cyber Range Platform at RSA Conference (Business Wire) SimSpace, the leading cybersecurity risk management platform company, today unveiled new updates to its award-winning cyber range to deliver the most
Dicker Data brings Carbonite and Webroot into security portfolio (ARN) Dicker Data has bolstered its security portfolio adding Carbonite + Webroot and OpenText Security Solutions to the mix for the A/NZ market.
RSAC 2022: Introducing CrowdStrike Asset Graph (CrowdStrike) We're excited to announce the CrowdStrike Asset Graph, a new graph database that lets organizations see the assets they have and how they interact with each other.
IDology Launches ExpectID® Business, Brings Know Your Business (KYB) to Industry-Leading Identity Verification Platform (IDology) IDology, a GBG Company and leading identity verification provider, announces the launch of ExpectID Business, adding Know Your Business (KYB) to its ExpectID platform.
Swimlane Unlocks the Promise of XDR with Turbine (Swimlane) Swimlane , the low-code security automation company, today announced the release of Swimlane Turbine - a breakthrough in capturing hard-to-reach telemetry and expanding actionability beyond closed extended detection and response (XDR) ecosystems. Turbine’s approach…
SafeBreach Unveils SafeBreach Studio (PR Newswire) SafeBreach, the pioneer in breach and attack simulation (BAS), today announced the release of SafeBreach Studio, an industry-first no-code...
CyberGRX and Google Cloud Collaborate to Enhance Cloud Customers’ Third-Party Risk Management and Accelerate Digitization (Business Wire) CyberGRX collaborates with Google Cloud to assist cloud customers with their due diligence, risk management and regulatory compliance needs.
PlainID adds Authorizers to its Authorization-as-a-Service Platform to enable Identity-First Security (PR Newswire) PlainID, the Authorization Company™, today announced the inclusion of authorizers to its highly anticipated "Authorization-as-a-Service"...
BlackBerry Launches new Zero Trust Network Access (ZTNA) Solution with CylanceGATEWAY (BlackBerry) BlackBerry Limited today unveiled how it is securely enabling remote workers and preventing malicious threat actors from compromising corporate networks using advanced AI-driven cybersecurity with CylanceGATEWAY’s new ZTNA-as-a-service capabilities.
BlueVoyant Unveils New Outcomes-Based Cyber Defense Platform: BlueVoyant Elements™ (PR Newswire) BlueVoyant, a rock-solid cyber defense company, today announced the launch of BlueVoyant Elements, an outcomes-based, cloud-native cyber defense...
Telefónica Tech Joins Forces with Netskope to Bring Cloud Security Solutions to the Corporate Environment (PR Newswire) Telefónica Tech, Telefónica's digital business unit, and Netskope, the leader in Security Service Edge (SSE) and zero trust, today announced an...
Putting the “Continuous” in Continuous Authentication (Beyond Identity) Today, our engineers said “it’s time” so we made our Continuous Risk-Based Authentication capability generally available, making “continuous authentication” actually continuous.
Technologies, Techniques, and Standards
Tech and Manufacturing Firms Launch Industrial Cybersecurity Group (Wall Street Journal) Manufacturing and critical infrastructure organizations and security company Dragos Inc. on Tuesday will launch a group to provide cyber threat intelligence and protection tools for small and medium-size industrial companies, which are especially vulnerable to hackers.
System of Trust™
(MITRE) Supply Chain Security System of Trust™ (SoT) Framework
Setting the New Standard for Trust in Smart Home with Matter Protocol (Digicert) At DigiCert, we’ve supported the Matter standard throughout the process and believe it will promote greater interoperability, security and digital trust for consumers.
Virtru Announces New Open Source Project To Enable Universal Standard for Data Control (GlobeNewswire News Room) The OpenTDF project will enable developers to incorporate Zero Trust Data Control into their applications...
Virtru launches OpenTDF project to offer orgs zero-trust data controls (VentureBeat) Data encryption provider launches OpenTDF to enable developers to encrypt data traversing through applications.
Beating Ransomware With Advanced Backup and Data Defense Technologies (SecurityWeek) If we can mitigate file encryption ransomware with backup, can we mitigate double extortion by adding advanced PII protection through data encryption or tokenization?
Brush up on phishing detection to prevent ransomware (GCN) With ransomware commonly entering state and local IT networks through phishing emails, employees must learn to spot social engineering scams, a new report says.
DevSecOps is Big at RSA Conference This Year (2022) (Shift Left) The RSA Security Conference this week seems more focused toward developers than any RSA conference past. And it couldn’t happen at a better time, because attackers are increasingly taking aim at open source repositories to disrupt the software supply chain.
Design and Innovation
The Decade of Quantum Computing Is Upon Us, IBM Exec Says (Wall Street Journal) With business uses poised to accelerate, CIOs need to start tinkering with platforms, forming work groups and looking for problems the technology could address, says IBM Research’s Dario Gil.
Apple ‘passkeys’ could finally kill off the password for good (TechCrunch) Apple demonstrated “passkeys” at WWDC 2022, a new biometric sign-in standard that could finally kill off the password for good. It’s no secret that passwords are insecure, with easily guessable credentials accounting for more than 80% of all data breaches, per Verizon’s annual data breach report. P…
Apple demos Safari’s ‘passkeys’ support in macOS Ventura that will help bring an end to passwords (The Verge) Passwords are over
Fewer devices, more automation and a better interface would help fight ‘alert fatigue’ (Defense News) Too many inputs can be disastrous, experts warn.
Research and Development
Cobalt Iron Patents Its Techniques for Optimizing Backup Infrastructure and Operations for Health Remediation (Yahoo Finance) LAWRENCE, Kan., June 07, 2022--Cobalt Iron Inc., a leading provider of SaaS-based enterprise data protection, today announced that it has received a patent on its techniques for optimization of backup infrastructure and operations for health remediation. Granted on April 19, U.S. patent 11308209 describes new capabilities for Cobalt Iron Compass®, an enterprise SaaS backup platform. Compass will automatically restore the health of backup operations when they are affected by various failures and
Academia
Onapsis Joins Industry Campaign to Close the Cybersecurity Talent Gap (Onapsis) The rise of cybercrime and the increasing risk to your enterprise systems can leave your organization vulnerable. Read on to see why you need a vulnerability management solution that protects your business-critical applications.
Legislation, Policy, and Regulation
Defensive Cyber Attacks Declared Legal by UK AG, Path Cleared to “Hack Back” When Critical Infrastructure & Services Attacked (CPO Magazine) The Attorney General of the United Kingdom has declared the country can make use of defensive cyber attacks when “key services” (such as critical infrastructure and banks) are struck by foreign threat actors.
WSJ News Exclusive | China to Conclude Didi Cybersecurity Probe, Lift Ban on New Users (Wall Street Journal) Chinese regulators are concluding yearlong cybersecurity probes into ride-hailing company Didi Global and two other U.S.-listed tech firms, preparing to lift a ban on adding new users.
US intel chief: Cybersecurity is only getting harder (The Record by Recorded Future) Innovation by cyber adversaries and within the commercial spyware sector are among the key aspects making digital security increasingly difficult for the U.S. intelligence community to effectively manage, the nation's spy chief said Monday.
Cisco EVP: Cybersecurity poverty line is human-rights issue (Register) It's going to become a human-rights issue, Jeetu Patel tells The Register
Rising Threats: Ransomware Attacks and Ransom Payments Enabled by Cryptocurrency (Home Security & Governmental Affairs) Witnesses
Megan Stifel
Chief Strategy Officer
Institute for Security and Technology
Bill Siegel
Chief Executive Officer
Coveware
Jacqueline Burns Koven
Head of Cyber Threat Intelligence
Chainalysis
INSA Recommends Ways to Improve Movement of Cleared Personnel Across Agencies; Larry Hanauer Quoted (ExecutiveGov) A new Intelligence and National Security Alliance white paper says delays in processing the transition of personnel with security clearances from one agency to another compromise the efficiency of more than 150,000 cleared contractors on an annual basis.
Improving Security Clearance Mobility (INSA) How to Save Time and Resources and Enhance Mission Outcomes
Biden Nominates Ambassador at Large for Cyberspace and Digital Policy Bureau (MeriTalk) President Biden has announced his intent to nominate Nate Fick as the ambassador at large to lead the State Department’s newly established Bureau of Cyberspace and Digital Policy (CDP).
Litigation, Investigation, and Law Enforcement
Pegasus: US Supreme Court seeks Biden's input on lawsuit against Israel's NSO (Middle East Eye) The United States Supreme Court wants the Biden administration to weigh in on whether Israel's NSO Group has sovereign foreign immunity from civil litigation in the US to determine whether a lawsuit by WhatsApp against the spyware company can proceed.
AlphaBay Is Taking Over the Dark Web—Again (Wired) Five years after it was torn offline, the resurrected dark web marketplace is clawing its way back to the top of the online underworld.
SPECIAL REPORT-How crypto giant Binance became a hub for hackers, fraudsters and drug traffickers (Reuters) In September 2020, a North Korean hacking group known as Lazarus broke into a small Slovakian crypto exchange and stole virtual currency worth some $5.4 million. It was one of a string of cyber heists by Lazarus that Washington said were aimed at funding North Korea's nuclear...
Meet the Vigilantes Who Hack Millions in Crypto to Save It From Thieves (Vice) As hackers keep targeting crypto and Web3 projects, white hat hackers are striking back.
The Surreal Case of a C.I.A. Hacker’s Revenge (The New Yorker) A hot-headed coder is accused of exposing the agency’s hacking arsenal. Did he betray his country because he was pissed off at his colleagues?
Justices Seek Feds' Say On WhatsApp, Spyware Co. Brawl (Law360) The nation's highest court called on the U.S. solicitor general Monday to outline the Biden administration's stance on whether American courts could hear WhatsApp's hacking case against the Israel security company behind the powerful "Pegasus" spyware.
Lawyers Want $3.6M Award In Insurance Software Breach Suit (Law360) One-third of an $11 million settlement to resolve a data-breach class action against Zywave Inc., a software provider for insurance companies, should go toward attorney fees, the three named plaintiffs in the case told a Texas federal court.