Dateline
Ukraine at D+106: Cyber ops and escalation. (The CyberWire) An artillery war in the Donbas. Russia warns that Western, especially US, "aggression and encouragement of banditry" in cyberspace risks escalation into full combat, and that Washington can be sure that Moscow will retaliate. Beijing issues a similar warning, with special mention of the risks small countries assume when they accept American cybersecurity aid. Canada is on "high alert" for Russian cyberattacks. And Mr. Putin identifies with Tsar Peter the Great.
Live updates | Ukraine: Russia still attacking eastern city (AP NEWS) The Ukrainian army says Kyiv’s forces continue to frustrate Russian attempts to take the fiercely contested eastern city of Sievierodonetsk. “The occupiers, with the help of motorized rifle units and artillery, conducted assault operations in the city of Sievierodonetsk.
‘Dead Cities’ Become the Flashpoint for the Fierce War in the East (New York Times) President Volodymyr Zelensky has framed the battle in Sievierodonetsk as pivotal to the broader fight for the Donbas. Amid relentless Russian attacks, Ukraine holds on and waits for Western weapons.
Key city's fate in balance as fighting rages in east Ukraine (AP NEWS) Russian forces pounded an eastern Ukrainian city Thursday and the two sides waged pitched street battles that Ukrainian President Volodymyr Zelenskyy said could determine the fate of the critical Donbas region.
UK says Mariupol at risk of cholera outbreak (Reuters) Ukraine's southern city of Mariupol is at risk of a major cholera outbreak as medical services are likely already near collapse, Britain's defence ministry said on Friday.
We’re almost out of ammunition and relying on western arms, says Ukraine (the Guardian) Exclusive: Deputy head of military intelligence says it’s an artillery war now and ‘everything depends on what the west gives us’
Live Updates: Ukraine’s Pleas Grow Louder as Soldiers Are Outgunned and Putin Talks of Empire (New York Times) As Ukrainian soldiers try to hold on in the besieged city of Sievierodonetsk, President Volodymyr Zelensky said that his country must not be forced to stay in a “gray zone” and that it needed more weapons and E.U. membership.
Russia Crisis Military Assessment: The impact of multiple rocket launcher transfers to Ukraine (Atlantic Council) To help Ukraine expel Russian forces from its territory, the United States must begin its full transition to US-made equipment now, write our military fellows. Here's what that means.
Russia-Ukraine war: Kremlin defends death sentences for captured Britons; UK MP says pair being ‘used as hostages’ – live (the Guardian) Sergei Lavrov attempts to justify sentencing of Aiden Aslin and Shaun Pinner after former UK minister described it as a ‘war crime’
Ukraine fears a long war might cause West to lose interest (AP NEWS) As Russia’s invasion of Ukraine grinds into its fourth month, officials in Kyiv have expressed fears that the specter of “war fatigue” could erode the West's resolve to help the country push back Moscow's aggression.
Zelensky urges West to pull Ukraine from "grey zone" (Newsweek) Ukrainian president condemned "skeptical" politicians who are hesitating over Kyiv's European Union bid.
A Ukraine Strategy for the Long Haul (Foreign Affairs) The West needs a policy to manage a war that will go on.
Three Truths about the Realities of War in Ukraine: A Response to the New York Times (Wilson Center) In a recent article, the New York Times essentially called on the US government to be realistic and recognize that Ukraine cannot defeat Russia. The appeal to be realistic drew my attention because, to a large extent, this entire war is being fought for the kind of reality we will live in and what we believe to be true.
Don’t let digital authoritarians lead the way in connecting the world (Atlantic Council) The democracies of the world aren't stepping up enough to connect billions of unconnected people. Here's what they can do.
Putin the Great? Russia’s President Likens Himself to Famous Czar. (New York Times) Vladimir Putin likened his goals in Ukraine to the conquests of Peter the Great.
Putin’s Dehumanized Russia (Wilson Center) Disregard for human life and dignity has been a hallmark of Vladimir Putin’s devastating war in Ukraine, marked by violence not seen in Europe since the Yugoslavian wars of the early ’90s.
The Three Ages of Zelensky’s Presidency (Wilson Center) Public governance and politics in Ukraine changed profoundly after Russia’s full-throated invasion of Ukraine beginning February 24, 2022. June 3 marked the hundredth day of what can be called Ukraine’s new administration—though the people in government have not changed.
NATO's New Momentum (Foreign Affairs) A Conversation With U.S. Ambassador to NATO Julianne Smith
Has China Lost Europe? (Foreign Affairs) How Beijing's economic missteps and support for Russia soured European leaders.
Russia says West risks ‘direct military clash’ over cyberattacks (NBC News) Russia’s housing ministry website appeared to be hacked over the weekend, with an internet search for the site leading to a “Glory to Ukraine” sign.
Russia, China, oppose US cyber support of Ukraine (Register) Countries that accept US infosec help told they could pay a price too
The Analyst Prompt #10: AI Facial Recognition Used in Ukraine/Russia War Prone to Vulnerabilities (EclecticIQ) This issue of The Analyst Prompt examines the current fileless malware trend, applications with multiple critical vulnerabilities, and insight into emerging AI facial recognition software being used in the Russia-Ukraine war.
Dark web sites selling alleged Western weapons sent to Ukraine (BleepingComputer) Several weapon marketplaces on the dark web have listed military-grade firearms allegedly coming from Western countries that sent them to support the Ukrainian army in its fight against the Russian invaders.
Canada on ‘high alert’ for cyberattacks from Russia, others: minister (Global News) Public Safety Minister Marco Mendicino said the government is considering 'very carefully' making it mandatory for Canadian companies to report cyberattacks.
National Defence looking at potential ‘impacts’ after cyberattack on military contractor (Global News) CMC Electronics, who has worked with the Canadian Armed Forces for years, recently notified DND of a “cyber breach related incident” reportedly from sophisticated ransomware group.
WSJ News Exclusive | Business Losses From Russia Top $59 Billion as Sanctions Hit (Wall Street Journal) Nearly 1,000 Western companies plan to leave the country or cut back operations, with more write-downs expected as sanctions hit.
Attacks, Threats, and Vulnerabilities
#RSAC: NSA Outlines Threats from Russia, China and Ransomware (Infosecurity Magazine) NSA's director of cybersecurity describes recent threat activity during the RSA Conference 2022
FBI official: Chinese hackers boost recon efforts (The Record by Recorded Future) Chinese hackers have stepped up their probes against the U.S. tech sector since Russia’s invasion of Ukraine, an FBI official said on Thursday.
Top Senate Democrats sound the alarm about Russian interference in the 2022 midterms (Business Insider) The senators wrote that the US supports Ukraine, "we must also be vigilant in guarding against threats to our own system of government."
RSA – Creepy real‑world edition (WeLiveSecurity) Techno purveyors never really thought the cool stuff they were doing would get used as a pretext for bombing, but here we are.
NSA: Ransomware Gangs Are Getting Rich Enough to Buy Zero-Day Exploits (PCMAG) NSA Director of Cybersecurity Rob Joyce also doubles down on the agency's findings that sanctions on Russia have made life harder for ransomware hackers.
Even the Most Advanced Threats Rely on Unpatched Systems (The Hacker News) Automated, live patching is one solution as it removes the need to patch manually – and eliminates time-consuming restarts and the associated downtime
Thirst for workers leads to poisoned resumés (Contrast Security) HR-targeted attacks are just one trending global threat, experts said at the Tuesday keynote at RSA 2022.
Chinese hacking group Aoqin Dragon quietly spied orgs for a decade (BleepingComputer) A previously unknown Chinese-speaking threat actor has been uncovered by threat analysts SentinelLabs who were able to link it to malicious activity going as far back as 2013.
A Decade-Long Chinese Espionage Campaign Targets Southeast Asia and Australia (The Hacker News) Researchers uncover a decade-long Chinese cyber espionage campaign targeting government, education, and telecom entities.
Report: Chinese-linked threat used porn to lure victims in Asia and Australia (The Record by Recorded Future) SentinelOne says “Aoqin Dragon” has been targeting government, telecom, and education sectors for nearly a decade.
Chinese 'Aoqin Dragon' gang runs ten-year espionage spree (Register) Researcher spots it targeting Asian government and telco targets, probably with Beijing's approval
Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years (SentinelOne) Targeting organizations in SE Asia and Australia, Aoqin Dragon uses pornographic-themed lures and custom backdoors to conduct espionage operations.
Symbiote: A Stealthy Linux Malware Targeting Latin American Financial Sector (The Hacker News) Researchers have taken the wraps off “Symbiote,” what they call a "nearly-impossible-to-detect" Linux malware that’s targeting the financial sector.
This new Linux malware is 'almost impossible' to detect (ZDNet) Symbiote is parasitic malware that provides rootkit-level functionality.
New Symbiote malware infects all running processes on Linux systems (BleepingComputer) Threat analysts have discovered a new malware targeting Linux systems that operates as a symbiote in the host, blending perfectly with running processes and network traffic to steal account credentials and give its operators backdoor access.
MIT researchers uncover ‘unpatchable’ flaw in Apple M1 chips (TechCrunch) Apple’s M1 chips have an “unpatchable” hardware vulnerability that could allow attackers to break through its last line of security defenses, MIT researchers have discovered. The vulnerability lies in a hardware-level security mechanism utilized in Apple M1 chips called pointer authenti…
Emotet malware gang shifts to stealing credit cards (Register) Crimeware groups are re-inventing themselves
Ransomware Actors Leaning on DNS Tunneling (Decipher) Ransomware groups are using DNS tunneling more and more as a way to exfiltrate data and send commands to infected machines.
Bizarre ransomware sells decryptor on Roblox Game Pass store (BleepingComputer) A new ransomware is taking the unusual approach of selling its decryptor on the Roblox gaming platform using the service's in-game Robux currency.
Threat Actors Start Exploiting Meeting Owl Pro Vulnerability Days After Disclosure (SecurityWeek) Threat actors have already started exploiting a severe vulnerability that Owl Labs addressed in its video conferencing devices earlier this week.
'Follina' Vulnerability Exploited to Deliver Qbot, AsyncRAT, Other Malware (SecurityWeek) Qbot, AsyncRAT and other malware are being delivered via the Follina vulnerability, which remains without an official patch.
CrowdStrike demonstrates dangers of container escape attacks (SearchSecurity) CrowdStrike's RSA Conference presentation demonstrates how the Kubernetes 'cr8escape' bug could lead to container escape attacks and host takeovers.
#RSAC: Lessons Learned From the Solarwinds Sunburst Attack (Infosecurity Magazine) A panel discussion explained that businesses must transform to meet the cyber threats of tomorrow
JFrog Discovers Denial-of-Service Vulnerability in Envoy Proxy (JFrog) JFrog Security Research discovered a new potentially critical vulnerability in the widely used open-source load balancer proxy #Envoy. The new vulnerability can be exploited for launching Denial of Service attacks. Check out our latest blog post for technical information and mitigation recommendations.
8 zero-day vulnerabilities discovered in popular industrial control system from Carrier (The Record by Recorded Future) Eight zero-day vulnerabilities affecting a popular industrial control provided by Carrier have been identified and patched.
Watch Out for These Malicious Loan Apps (Trend Micro News) Some loan apps available for download on Android are malicious and used to spy on people’s phone contacts, text messages, photos, video and audio recordings, location data, and other private information.
Why Defense contractors still have a cyber target on their backs (Federal News Network) The Defense Department is still figuring out how to raise the cybersecurity waterline among its vendor community as part of its CMMC program.
Hackers Can Steal Your Tesla by Creating Their Own Personal Keys (Wired) A researcher found that a recent update lets anyone enroll their own key during the 130-second interval after the car is unlocked with an NFC card.
You can be tracked via your Bluetooth signal, researchers claim (Graham Cluley) Boffins at the University of California San Diego have found a way to track individuals via Bluetooth. Researchers discovered that the Bluetooth signals emitted by mobile phones carry a unique…
Vice Society ransomware claims attack on Italian city of Palermo (BleepingComputer) The Vice Society ransomware group has claimed responsibility for the recent cyber attack on the city of Palermo in Italy, which has caused a large-scale service outage.
Arizona medical data breaches: How many records have been affected in our state? (FOX 10 Phoenix) Are healthcare providers doing enough to protect your personal information? Hackers are accessing sensitive health data more than ever and this could directly impact you in Arizona. We have what you need to know.
Fred Hutch announces data breach: Unauthorized party hacked into an employee email (KOMO) Fred Hutchinson Cancer Center announced a recent data breach after an unauthorized party temporarily accessed an employee's email account on March 25. Fred Hutch, formerly known as Seattle Cancer Care Alliance, said the ongoing investigation revealed the account contained certain individuals' names, addresses, social security numbers, financial account information and protected medical information.
Ellsworth warns residents of ransomware attack (KSN-TV) The City of Ellsworth is dealing with a ransomware attack. It found out about the attack after employees noticed unauthorized activity on the City’s network on …
Ransomware cyberattack on Tenafly schools computer system cancels final exams (NorthJersey.com) A cyberattack on the Tenafly School District's computers has led to a cancellation of all final exams and a return to …
New Jersey school district forced to cancel final exams amid ransomware recovery effort (The Record by Recorded Future) Tenafly Public Schools in Bergen County, New Jersey is in the process of recovering from a ransomware attack that began on June 2.
CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA) CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
CISA Adds 36 Known Exploited Vulnerabilities to Catalog (CISA) CISA has added 36 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
CISA warning: Hackers are exploiting these 36 "significant" cybersecurity vulnerabilities - so patch now (ZDNet) Flaws in Microsoft, Google, Adobe, Cisco, Netgear, QNAP and other products have been added to CISA's known exploited vulnerabilities catalog.
9 types of computer virus and how they do their dirty work (CSO Online) From macro viruses and boot sector viruses to droppers and packers, here’s a look at 9 common virus types, what they do, and the function they perform for attackers.
Security Patches, Mitigations, and Software Updates
June 2022 Patch Tuesday forecast: Internet Explorer fades into the sunset (Help Net Security) In this June 2022 Patch Tuesday forecast, Todd Schell provides an overview of what happened in May and predicts what updates we can expect.
Patch Tuesday to End; Microsoft Announces Windows Autopatch (BankInfoSecurity) Starting in July, the second Tuesday of every month will "just be another Tuesday," Microsoft says. After releasing patches for vulnerabilities in its
Microsoft Defender now isolates hacked, unmanaged Windows devices (BleepingComputer) Microsoft has announced a new feature for Microsoft Defender for Endpoint (MDE) to help organizations prevent attackers and malware from using compromised unmanaged devices to move laterally through the network.
DogWalk zero-day Windows bug receives patch - but not from Microsoft (Hot for Security) A Windows zero-day vulnerability dubbed "DogWalk" has not received an official patch yet from Microsoft, but that hasn't stopped others from offering free fixes to protect users.
Atlassian Zero-Day Vulnerability Allowing Critical Remote Code Execution Patched After Several Exploitation Incidents (CPO Magazine) A zero-day vulnerability in widely used IT service management software Atlassian has now been patched, about a week after reports of it being abused for remote code execution began to appear.
Trends
The good, the bad and the weird: Ciaran Martin discusses where the pandemic has left cyber security (Computing)
Cyber attacks on industrial assets cost firms millions (SecurityBrief Asia) Some 89% of electricity, oil & gas, and manufacturing firms have experienced cyber attacks impacting production and energy supply over the past year.
Double extortion ransomware pushes average payments close to $1 million (IT PRO) As the average payment approaches the landmark figure, experts reflect on times when the going rate was just $500
Delinea Onsite RSA Conference Survey Reveals Cloud Security Top Cybersecurity Concern in 2022 (PR Newswire) Delinea, a leading provider of privileged access management (PAM) solutions for seamless security, today announced the results of its own...
At the RSA Conference, Jobs Still Key to The Cybersecurity Crisis (Forbes) This week at the RSA Security conference in San Francisco, the cybersecurity jobs crisis loomed large.
Akamai researches top three internet security threats (SecurityBrief Australia) Akamai Technologies has released three new research reports focusing on ransomware, web applications and APIs, and DNS traffic.
Agrifood cyberattack threats on the rise (WattAgNet) Ever since JBS USA experienced a cyberattack in May 2021, the threat of such attacks against the agrifood sector has only increased.
Marketplace
RSA Conference 2022 - Announcements Summary (Day 3) (SecurityWeek) SecurityWeek is publishing a daily digest summarizing some of the announcements made by vendors at the RSA Conference 2022.
Photos: RSA Conference 2022, part 3 (Help Net Security) In this collection of RSA Conference 2022 photos, we see the following vendors:
Job cuts hit cybersecurity industry despite surging growth from ransomware attacks (CNBC) At the RSA Conference this week, security software companies were grappling with soaring attacks and the new realities of the capital markets.
DefenseStorm Raises $15 Million for Banking Security and Compliance Platform (SecurityWeek) DefenseStorm raises $15 million for its cloud-based cybersecurity, compliance and fraud solutions aimed specifically at banks.
Flare Raises a CAD$9.5 Million Series A Round to Democratize Cybersecurity (PR Newswire) Flare, the leader in digital footprint monitoring, announced a CAD$9.5 million Series A Round led by Inovia Capital with participation from...
Middesk raises $57 million to accelerate trust between businesses (Help Net Security) Middesk announced that it has raised $57 million in a Series B round co-led by Insight Partners and Canapi Ventures.
Legal Technology Firm TCDI Agrees to Acquire Aon's eDiscovery Practice (Insurance Journal) TCDI, the Greensboro, N.C.-based provider of legal services, software and cyber security, announced it has signed a definitive agreement to acquire
Leading cybersecurity vendors join Mandiant's new Cyber Alliance Program (CSO Online) The alliance aims to develop integrated security systems and share threat intelligence, and lists partners including Google, Cloudflare, CrowdStrike, SentinelOne and Microsoft as founding members.
OPSWAT Joins AWS ISV Accelerate Program (PR Newswire) OPSWAT, a global leader in critical infrastructure protection (CIP) cybersecurity solutions, announced today that it has been accepted into the...
Cardiff cyber security firm Wolfberry rebrands as it seeks further expansion (Business Live) The firm is now called PureCyber
Fortinet Announces Five-for-One Stock Split (GlobeNewswire News Room) SUNNYVALE, Calif., June 09, 2022 (GLOBE NEWSWIRE) -- News Summary Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated...
Cloudflare names Mark Hawkins to Board of Directors (Help Net Security) Cloudflare announced that Mark Hawkins was elected to the company's board of directors at the Cloudflare 2022 Annual Meeting of Shareholders.
Intel hires April Miller Boise as EVP and Chief Legal Officer (Help Net Security) Intel announced that April Miller Boise has been appointed executive vice president and chief legal officer.
Marcus Fowler Takes Helm of Darktrace's Federal Division (GovCon Wire)
What is Ethical Hacking? Working, Techniques and Jobs (Cyphere) In the past, if someone called themselves a hacker, chances are they received some backlash or negative connotations. However, in recent times, as the field of information is on the rise, a new term, ‘Ethical Hacking’, has emerged and opened many different avenues for IT and cyber security professionals.
Products, Services, and Solutions
New infosec products of the week: June 10, 2022 (Help Net Security) The featured infosec products this week are from: Acronis, Code42, Cynet, Elastic, Living Security, Lumu, NetWitness, Qualys, SafeBreach, and Swimlane.
Global InfoSec Awards for 2022 Winners by Category (Cyber Defense Global InfoSec Awards) Cyber Defense Awards in conjunction with Cyber Defense Magazine is pleased to announce the winners of our prestigious annual Global Infosec Awards, now in their 9th year, here at the RSA Conference 2022 on our 10th Anniversary.
AvePoint Examena Digital Assessment System Wins 2022 EdTech Breakthrou (PRWeb) EdTech Breakthrough, a leading market intelligence organization that recognizes the top companies and solutions in the global educational technology market, toda
Deepwatch | Automated Service to Accelerate Threat Containment (Deepwatch) Learn more about Deepwatch's MXDR service, which provides automated response capabilities to improve threat containment.
Always-On Connectivity, Even In The Air | A Key Consideration In Digital Transformation Strategies | Network Predictions For 2022 (Opengear) Opengear, a Digi International company (NASDAQ, DGII, www.digi.com/) and leading network resilience solutions provider, announced today that it is launching its new family of console managers, the CM8100. As the latest addition to its award-winning Smart OOB™ Console Server family, the CM8100 delivers a comprehensive solution, adding NetOps capabilities to existing Smart OOB features that simplify connectivity to IT equipment.
NetSPI's New Breach and Attack Simulation Enhancements Help Organizations Achieve Behavior-Based Threat Detection (PR Newswire) NetSPI, the leader in penetration testing and attack surface management, today announced new Breach and Attack Simulation (BAS) enhancements to...
Fullstack Academy Partners with Engageli to Transform its Online Learning Experience (Bloomberg) Leading U.S. Tech Bootcamp Is Enhancing Student Outcomes Through a New, Highly Collaborative, and Inclusive Online Classroom Experienc
Snowflake Launches Cybersecurity Workload to Find Threats Across Massive Data Sets (SecurityWeek) Snowflake is the latest enterprise technology firm looking to help fuel the massive data lakes that power enterprise security programs.
Thales showcases unique cybersecurity offerings (The HinduBusinessline) The increase in cyberattacks is almost directly proportional to the speed of digital transformation: CEO Patrice Caine
Technologies, Techniques, and Standards
The Anatomy of a Cyberattack (Wall Street Journal) The former president of United Structures of America talks about what happened when his computer networks were held hostage.
Cybersecurity for Business: Developing and Maintaining an Effective Incident Response Plan (The National Law Review) Data breaches have become more frequent and costly than ever. In 2021, the average data breach cost companies more than $4 million. Threat actors are increasingly likely to be sophisticated. The emerg
Upskilling Cybersecurity Professionals through Training and Certifications (CSO Online) There are an increasing number of new threats that need to be mitigated, and the cybersecurity industry needs to be able to keep up.
Ways to protect yourself from spoofing attacks (iTWire) Spoofing is an important term to consider when it comes to cybersecurity. It includes a variety of methods for disguising a hostile person or device as someone or something else. The purpose is to get a foothold in a system, obtain data, steal money, or distribute pre...
How to Find Out if Your Passwords Are Being Sold Online (MUO) Even your strongest passwords aren't safe from hackers. But there are ways to check if your password is stolen or not.
DHS Rolls Out Mobile App for Intelligence Data Sharing (ExecutiveGov) The Department of Homeland Security has released a new tool for federal personnel, law enforcement officers and first responders to share intelligence data from mobile devices.
Guard Soldiers, Airmen Participate in Cyber Shield Exercise (Air National Guard) More than 800 National Guard Soldiers and Airmen, civilian experts, and other military services from throughout the nation are conducting exercise Cyber Shield this month
Cyber Shield 2022 focuses on safeguarding DOD Information Network (Reserve & National Guard) National Guardsmen have converged to prepare for attacks against Department of Defense computer networks as part of Cyber Shield 2022.
U.S. National Guard’s Cyber Training Emphasizes Social Media, Supply Chain Protection (Nextgov.com) Ahead of the annual Cyber Shield exercise, military leaders will train National Guard and other military members to fight disinformation and protect critical infrastructure.
Design and Innovation
Data Is Vulnerable to Quantum Computers That Don't Exist Yet (IEEE Spectrum) New spinoff from Alphabet has a plan to transition to post-quantum cryptography
Financial Firms Seek Edge in Algorithms Inspired by Quantum Computing (Wall Street Journal) Quantum computing, which promises to significantly increase processing speeds, is still years away from full-scale commercial deployment, but some financial-services firms are turning to quantum-inspired technology for interim benefits.
Why AIs Will Become Hackers (Dark Reading) At a 2022 RSA Conference keynote, technologist Bruce Schneier asserted that artificial intelligence agents will start to hack human systems — and what that will mean for us.
Why the Password Is Not Dead (Infosecurity Magazine) Why passwords are here to stay as the core of personal digital security
Academia
Cybersecurity Scholarships (National Initiative for Cybersecurity Careers and Studies) The NICCS Cyber Corps SFS page highlights the NSF scholarships that are available to students interested in receiving a cybersecurity related degree.
FIU awarded $1 million to develop 5G/6G cybersecurity solutions (FIU News) FIU researchers are helping thwart cyberattacks ― from computers and mobile devices to large-scale networks ― thanks to NSF $1M grant.
Colorado has had a shortage of cybersecurity professionals for years. Here’s how that’s going. (The Colorado Sun) Colorado schools like MSU Denver have ramped up cybersecurity programs as the world’s thirst for cyber protection grows. But it’s not just about a college degree.
Legislation, Policy, and Regulation
Federal government may make reporting cyberattacks mandatory: Mendicino (CBC News) The federal government is looking at making it mandatory for Canadian businesses and organizations to report cyberattacks, says Public Safety Minister Marco Mendicino.
Society seeks strategies to protect Nigeria’s cyberspace (NNN) The Nigeria Computer Society (NCS), has appealed to the Federal Government to develop a national cybersecurity strategy and regulatory framework to
Federal Cyber Officials Talk Recruitment, Culture, Collaboration (GovTech) CISA Director Jen Easterly and National Cyber Director Chris Inglis promote collaboration — but will their successors do the same? Does describing the work as “data care” not “cybersecurity” help with talent recruitment?
#RSAC: Funding Cyber Civil Defense to Help Improve the State of Security (Infosecurity Magazine) A new approach to ensure all sectors of society play a part in protecting our digital future
SolarWinds CEO offers to embed staffers at government cyber agencies (ComputerWeekly.com) A new proposal from SolarWinds’ outspoken CEO, Sudhakar Ramakrishna, could see software companies embed key staff with government cyber agencies to improve cooperation and incident response.
DHS Solicited Twitter To ‘Become Involved’ in Disinfo Board (Washington Free Beacon) The Department of Homeland Security worked with Twitter on its ill–fated Disinformation Governance Board, according to whistleblower documents, which show the agency arranged a meeting with the Twitter executive who blocked news stories about Hunter Biden’s laptop.
WSJ News Exclusive | Biden Administration Weighs Changes to Classification of National Security Secrets (Wall Street Journal) Evaluation comes amid an expanding bipartisan effort in Congress for the federal government to modernize and streamline how it classifies national security information amid an explosion of digital communications.
Litigation, Investigation, and Law Enforcement
Cyprus helps bust illicit sale of private data on Americans (AP NEWS) Cyprus police have seized servers that were used to sell social security numbers and other personal information stolen from 24 million U.S. citizens, a law enforcement official said Thursday.
Microsoft disrupts Bohrium spear-phishing ring by seizing 41 domains (Hot for Security) An Iranian hacking gang called Bohrium has had its activities disrupted after Microsoft seized control of 41 domains used in spear-phishing attacks.
NSO v. WhatsApp: Should the Solicitor General Recommend Allowing Foreign Corporations to Claim Immunity? (Just Security) An analysis in light of Monday's SCOTUS call for the views of the solicitor general.
France-based Nigerian travels to Lagos, leads cyberattacks on 10 banks (Punch Newspapers) The Police Special Fraud Unit in Lagos State on Wednesday said it arrested three suspects for allegedly attempting cyberattacks on 10 banks in the state.
After a Breach, One Company's Cybersecurity Claims Got Referenced in a Lawsuit (ClearanceJobs) With billions of dollars lost through cryptocurrency frauds and security breaches, it was a matter of time until the litigation waves began.
‘Optimism’ Crypto Hack Victim Hopes Thief Will Give Back $15 Million (Vice) The hacker has a week to return the stolen 'bag of cash,' the victim said, in an incident that's another black eye for the hyped-up Optimism project.
FCPD recovers most school system funds stolen in cyberattack (Rome News-Tribune: Northwest Georgia News) The Floyd County school system has recovered most of the funds stolen by a cyberattack discovered this week, following quick action by the Floyd County Police Department.