Costs of a data breach. Personal apps as a business risk. Criminal help wanted. ICS security advisories. Preparing for cyberwar. Privateers and profit.

Summary

By the CyberWire staff

At a glance.

IBM on the cost of a data breach: automation pays, and so does incident response planning.
Personal apps as a potential business risk.
Help wanted (C2C edition).
CISA issues five ICS security advisories.
Preparing for renewed Russian cyber offensives.
Privateers and profit.

IBM on the cost of a data breach: automation pays, and so does incident response planning.

IBM Security has released its seventeenth annual Cost of a Data Breach Report. The research, conducted by Ponemon Institute and sponsored, analyzed and published by IBM Security, analyzed 550 organizations that fell victim to a data breach between March of 2021 and March of 2022. Researchers found that 83% of organizations had more than one data breach. It was discovered that 60% of the breaches led to increases in customer prices, with the costs of a data breach averaging $4.35 million. The critical infrastructure sector was disproportionately impacted financially by breaches, with impacted organizations averaging costs of $4.82 million. It pays, however, to have protection in place – $3.05 million was saved, on average, by companies with fully deployed security AI and automation systems, and $2.66 million was saved by companies with an incident response team and plan.

Data breaches, IBM thinks, are having an effect upon economic conditions in general. "The findings suggest these incidents may also be contributing to rising costs of goods and services," the company said. "In fact, 60% of studied organizations raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues." The toll breaches exact amounts to "an invisible cyber tax."

Free Guide | 5 Critical Controls for World-Class OT Cybersecurity

As operational technology (OT) cybersecurity becomes a top priority from boardrooms to the manufacturing floor, CISOs and their teams must implement proven strategies to protect the business. Download this free guide and discover the components to align your leadership and implement a successful operational technology (OT) security posture. Download now →

Personal apps as a potential business risk.

Netskope has released a report detailing the common use of personal apps in business. Cloud app use has seen an increase of 35% just since the beginning of 2022, with the average mid-sized business with between five-hundred and two-thousand employees using one-hundred-thirty-eight different apps. Personal app and personal instance usage increases in the 30 days before employees leave an organization, with 20% of users uploading unusually high amounts of data before their departure. This might be innocent, but which inevitably raises suspicions. (Netskope explains the distinction between a personal app and a personal instance: “A personal app, such as WhatsApp, is an app that only sees personal usage from personal accounts. A personal instance is a personal account of an app that is also managed by the organization. For example, someone's personal Gmail account in an organization that uses Google Workspaces is a personal instance.”)

The current trend represents an increase of 33% from the same time last year. Personal app usage is most prevalent in the retail sector, with nearly four in ten employees using them, and it’s least prevalent in the financial sector, where fewer than one in ten employees were found to be uploading, creating, sharing, and storing data. Interestingly, it was found that many organizations use apps with overlapping functionalities: mid-sized companies on the average use four webmail apps, seven cloud storage apps, and seventeen collaboration apps. This obviously suggests an unnecessary expansion of an organization's attack surface.

Help wanted (C2C edition).

Huntress contacted us yesterday with a note about the way they're seeing threat actors target managed services providers (MSPs) in their supply chain attacks. "Huntress researchers discovered a Beeper thread from July 18, 2022 looking for a partner to help process stolen data from over 50 American MSPs, 100 ESXi, and more than 1,000 servers. The hacker boasted a 'high profit share,' with only little left to do before exploiting the data." Huntress reminds us that this also seems to corroborate the threat to MSPs the Five Eyes (Australia, Canada, New Zealand, the United Kingdom, and the United States) warned of on May 11th of this year. Their observations also confirm something about the C2C market: its criminal players suffer from the same human resources challenges the rest of us do. Here's the text of what amounts to a criminal's help-wanted ad: "Looking for a Partner for MSP processing. I have access to the MSP panel of 50+ companies. Over 100 ESXi, 1000+ servers. All companies are American and approximately in the same time zone. I want to work qualitatively, but I do not have enough people. In terms of preparation, only little things are left, so my profit share will be high. Please send me a message for more details and suggestions."

CISA issues five ICS security advisories.

The US Cybersecurity and Infrastructure Security Agency (CISA) yesterday released five industrial control system (ICS) advisories affecting Inductive Automation Ignition ("mitigations for an Improper Restriction of XML External Entity Reference vulnerability in versions of Inductive Automation Ignition software"), Honeywell Safety Manager, ("mitigations for Insufficient Verification of Data Authenticity, Missing Authentication for Critical Function, and Use of Hard-coded Credentials vulnerabilities in Honeywell Safety Manager, a safety solution of the Experion Process Knowledge System"), Honeywell Saia Burgess PG5 ("mitigations for Authentication Bypass and Use of a Broken or Risky Cryptographic Algorithm vulnerabilities in Honeywell Saia Burgess PG5 PCD, a PLC"), MOXA NPort 5110 ("mitigations for an Out-of-bounds Write vulnerability in MOXA NPort 5110, a device server"), and Mitsubishi MELSEC and MELIPC Series (Update D) ("mitigations for Uncontrolled Resource Consumption, Improper Handling of Length Parameter Inconsistency, and Improper Input Validation vulnerabilities in Mitsubishi Electric MELSEC and MELIPC Series industrial computers").

Once vulnerabilities are exposed, they're quickly exploited. Palo Alto Networks' Unit 42 finds that threat actors typically begin scanning for exploitable vulnerabilities within fifteen minutes of their disclosure.

Preparing for renewed Russian cyber offensives.

Nations closest to Russia seem most interested in shoring up cyber as well as physical defenses. Estonia's former president, Toomas Hendrik Ilves, speaking at a virtual security forum hosted in Taipei, sees one major lesson of Russia's war against Ukraine as a growing realization of a need for an international alliance to defend democracies against digital threats. "All of this leads me to argue that we need a digital alliance like NATO but one that is really and truly value-based, that includes all liberal democracies that wish to be a part of it, and is not bound by geography, but by shared values," Focus Taiwan quotes him as saying in his closing address to the Ketagalan Forum: 2022 Indo-Pacific Security Dialogue.

The Wall Street Journal reports that Moldova, which regards itself as a possible Russian target, is receiving assistance along those lines from both the EU and the US. Moldova has seen an increase in hostile cyber activity during Russia's war against Ukraine, but so far the attacks have remained at their worst a nuisance. Iurie Turcanu, Moldova’s deputy prime minister for digitalization, said, “The first question which came to our minds was: Are we prepared to face this challenge from a cybersecurity perspective? Are we ready with our business continuity plans? Do we have them at all?” The government sees a more capable CERT that works effectively with critical infrastructure organizations as an essential aspect of its defense. “We need to know exactly what we’re doing in the next minute when we’re attacked,” Mr. Turcanu added, explaining the importance of contingency planning.

Why so much attempted DDoS, but not so much ransomware?

The Council on Foreign Relations looks at the recent record of Russian cyber operations, particularly from the country's privateers, and asks why ransomware attacks against Ukrainian targets seem to have fallen off after an initial wave of pseudo-ransomware wiper attacks. They suggest a range of reasons for this, but come down, in the end, to the privateer's profit motive. But Ukrainian victims are unlikely to have much incentive to pay their ransom, and may have small ability to do so even in the unlikely event that they wished to. None of this minimizes the ransomware gangs' connections to the Russian security services, nor should it be taken as a council of complacency--rather the opposite: if you look like you could pay, you can expect to be regarded as a potential target.

The CyberWire's continuing coverage of the unfolding crisis in Ukraine may be found here.

Dateline Moscow, Kyiv, Chisinau, Brussels, and Washington: Action during an operational slow-down.

Ukraine at D+153: Action during an operational pause. (The CyberWire) Ukrainian artillery continues to strike Russian logistical targets, and Russian artillery continues to strike whatever is within range. Moldova fears it may be the next item on Mr. Putin's territorial menu, and it's seeking assistance to help defend itself in the event of a hybrid war. Privateers are useful in wartime, but their usefulness is limited: their operations need to be, at a certain point, paying propositions.

Russia-Ukraine war: List of key events, day 154 (Al Jazeera) As the Russia-Ukraine war enters its 154th day, we take a look at the main developments.

Russia-Ukraine war latest: what we know on day 154 of the invasion (the Guardian) Ukrainian forces strike Antonivskiy Bridge in Russian-occupied Kherson to disrupt Moscow’s supply routes

Russia-Ukraine live news: Ukraine attacks key Kherson bridge in bid to isolate Russian forces (the Guardian) Kyiv’s forces seek to disrupt major Russian supply route through Antonivskiy bridge in bid to retake Kherson

New Russian airstrikes target Black Sea regions of Ukraine (AP NEWS) Russia targeted Ukraine’s southern Black Sea regions of Odesa and Mykolaiv with airstrikes Tuesday, hitting private buildings and port infrastructure with missiles fired from long-range bomber aircraft, the Ukrainian military said.

Bridge closed in Russia-held Kherson after HIMARS shelling, official says (Reuters) Authorities in the Russian-controlled Ukrainian city of Kherson have closed the city's only bridge across the Dnipro river after it came under fire from U.S.-supplied high mobility artillery rocket systems (HIMARS), an official from the Russian-installed administration said on Wednesday.

'We will win, it’s just a case of when': Ukrainians prepare for intense battle to retake Kherson (The Telegraph) Front-line soldiers are in a state of hyper-vigilance as they get ready to reclaim the strategic southern city amid ongoing Russian shelling

The Lion Roars: Zelensky Soldiers On (ClearanceJobs) Like a man born to lead his country through a war no one thought they could win, Zelensky has never wavered.

There is a dark war we cannot see that could decide Ukraine’s fate (Evening Standard) The fighting goes on in Ukraine, and despite huge losses on both sides, all seems stuck in bloody impasse. Against the odds, Ukrainian forces are mounting a counter-attack on Kherson, the first city taken by the Russians.

Opinion | Ukraine Is the Next Act in Putin’s Empire of Humiliation (New York Times) There seems to be nothing in Russia’s mainstream discourse that takes responsibility for the past and imagines a different path forward.

Putin’s New Police State (Foreign Affairs) In the shadow of war, the FSB embraces Stalin’s methods.

Ukraine app captures thousands of videos that could help prosecute Putin (the Guardian) eyeWitness to Atrocities enables timed and dated recordings that cannot be edited, enhancing their evidential value

Analysis | Putin Sent a Message by Attacking Odesa. The World Should Listen (Haaretz) By attacking Odesa's seaport, Putin has signaled that no agreement will make him give up control of the Black Sea and with it the ability to pressure global food supply

Moscow shattered two illusions with one missile strike. The White House needs to accept reality. (Atlantic Council) The Biden team is blowing an uncertain trumpet as it tries to project US leadership.

Russia Still Has Willing Partners in the Middle East (Foreign Policy) Despite Moscow’s military shortcomings and Western efforts to make it an international pariah, Vladimir Putin remains a capable player in the region.

Opinion | Germany’s Gepard Tanks Finally Reach Ukraine (Wall Street Journal) Three Cheetahs arrive, but three months late and at a turtle’s pace.

Latvia requests HIMARS weapon to bolster Baltic defense (Defense News) The country also aims to purchase coastal defense missile systems and is currently evaluating submitted offers.

Moldova Plans Cyber Overhauls Amid War in Neighboring Ukraine (Wall Street Journal) A big challenge for Moldova, one of Europe’s poorest countries, is finding cybersecurity experts to fill new jobs, and money to pay them, authorities said.

Estonia ex-leader calls for 'digital alliance' to combat cyber threats (Focus Taiwan) Taipei, July 26 (CNA) Visiting former Estonia President Toomas Hendrik Ilves on Tuesday called on the world's democracies to form a "digital alliance" that is bound not by geography, but by shared values, to combat growing cyber threats in a new digital era.

Russia Is Quietly Ramping Up Its Internet Censorship Machine (Wired) Since Vladimir Putin blocked Facebook, Instagram, and Twitter in March, Russia has been pushing away from the global internet at a rapid pace.

Financial Incentives May Explain the Perceived Lack of Ransomware in Russia’s Latest Assault on Ukraine (Council on Foreign Relations) Ransomware has been notably absent the barrage of cyberattacks faced by Ukraine since the Russian invasion in February. Financial concerns are likely the reason ransomware groups have stayed out of t…

Ukraine app captures thousands of videos that could help prosecute Putin (the Guardian) eyeWitness to Atrocities enables timed and dated recordings that cannot be edited, enhancing their evidential value

More Russians must face personal sanctions over Ukraine invasion (Atlantic Council) As the world seeks ways to end the Russian invasion of Ukraine, Oleksandr Novikov of Ukraine’s National Agency on Corruption Prevention says dramatically expanded personal sanctions are the most effective available tool.

Grain drain: Why Turkey can’t afford to ignore Russian grain smuggling from Ukraine (Atlantic Council) The diplomatic goodwill Turkey won in its key role in the deal to unlock Ukrainian grain export is at risk as Russia may prove a spoiler.

Attacks, Threats, and Vulnerabilities

How the cyberwar between Iran and Israel has intensified (Washington Post) Three things to know about the not-so-covert cyber-operations between these two adversaries

Luca Stealer malware spreads after code appears on GitHub (Register) Cool, another Rust project ... Oh

Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection (The Hacker News) Cybercriminals are increasingly leveraging WebAssembly (Wasm)-coded cryptocurrency miners to make detection and analysis difficult.

New Ducktail Infostealer Targets Facebook Business Accounts via LinkedIn (SecurityWeek) Marketing and HR professionals have been targeted with Ducktail malware through LinkedIn spear phishing campaigns to hijack Facebook business accounts.

Malicious IIS extensions quietly open persistent backdoors into servers (Microsoft Security Blog) Attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers, which hide deep in target environments and provide a durable persistence mechanism for attackers. While prior research has been published on specific incidents and variants, little is generally known about how attackers leverage the IIS platform as a backdoor.

Microsoft: IIS extensions increasingly used as Exchange backdoors (BleepingComputer) Microsoft says attackers increasingly use malicious Internet Information Services (IIS) web server extensions to backdoor unpatched Exchange servers as they have lower detection rates compared to web shells.

SIEM Detections for Okta PassBleed (Splunk, Microsoft Sentinel, IBM QRadar, Sumo Logic) (CardinalOps) SIEM detections for the Okta PassBleed vulnerabilities (Splunk, IBM QRadar, Microsoft Sentinel, Sumo Logic), plus MITRE ATT&CK mappings for its adversary techniques.

LockBit 3.0: Significantly Improved Ransomware Helps the Gang Stay on Top (Dark Reading) Just ahead of its headline-grabbing attack on the Italian tax agency, the infamous ransomware group debuted an improved version of the malware featuring parts from Egregor and BlackMatter.

Data Stolen in Breach at Security Company Entrust (SecurityWeek) Entrust suffered a data breach last month and the security company has confirmed that the attackers have stolen some files.

Twitter Data Breach From Former Gartner Cybersecurity Analyst (Information Security Buzz) Following the news that Twitter suffered a data breach that saw 5.4 million users’ details leaked online please find a comment below from Cyber security experts.

Twitter hacker touts 5.4 million users' data, including celebs and companies, for $30k (Fortune) Phone numbers and email addresses of millions of users were apparently accessed, and are now being sold via the dark web.

A Retrospective on the 2015 Ashley Madison Breach (KrebsOnSecurity) It's been seven years since the online cheating site AshleyMadison.com was hacked and highly sensitive data about its users posted online. The leak led to the public shaming and extortion of many AshleyMadison users, and to at least two suicides.…

Cyber-Attack Vectors in the Automotive Sector – Part 1: Signal Attacks (TechHQ) Vehicular cyber-attack is novel right now, but it may grow more and more frequent as we move towards data-rich, connected vehicles.

Hackers scan for vulnerabilities within 15 minutes of disclosure (BleepingComputer) System administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a new report shows threat actors scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed.

Employees That Circumvent Access Introduce Risk (Security Boulevard) We are not a patient society, and we are made less patient as technology continues to evolve. Productive business operations thrive on faster internet

Vulnerability Summary for the Week of July 18, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Security Patches, Mitigations, and Software Updates

Microsoft Will Change a Windows Security Default to Block Ransomware - ExtremeTech (ExtremeTech) In the latest Insider builds of Windows 11, Microsoft has changed a default setting that could keep ransomware out of your PC. Why it didn't do this years ago is anyone's guess.

Inductive Automation Ignition (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Inductive Automation Equipment: Ignition Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain file contents.

Honeywell Safety Manager (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Safety Manager 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow for configuration and firmware manipulation or remote code execution.

Honeywell Saia Burgess PG5 PCD (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable on adjacent network/low attack complexity Vendor: Honeywell Equipment: Saia Burgess PG5 PCD Vulnerabilities: Authentication Bypass, Use of a Broken or Risky Cryptographic Algorithm CISA is aware of a public report known as “OT:ICEFALL” that details vulnerabilities found in multiple operational technology (OT) vendors.

MOXA NPort 5110 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: MOXA Equipment: NPort 5110 Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to change memory values and/or cause the device to become unresponsive.

Mitsubishi Electric MELSEC and MELIPC Series (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC and MELIPC Series Vulnerabilities: Uncontrolled Resource Consumption, Improper Handling of Length Parameter Inconsistency, Improper Input Validation

Trends

2022 Incident Response Interactive (Palo Alto Networks) The 2022 Unit 42 Incident Response Report offers insights from our IR cases on today's threat landscape and how to best prepare for future threats.

Palo Alto Networks Unit 42 Incident Response Report Reveals that Phishing and Software Vulnerabilities Cause Nearly 70% of Cyber Incidents (Yahoo) According to a new report from Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, the heavy use of software vulnerabilities matches the opportunistic behavior of threat actors who scour the internet for vulnerabilities and weak points on which to focus. The 2022 Unit 42 Incident Response Report offers a multitude of insights gleaned from Unit 42 by Palo Alto Networks extensive incident response (IR) work, leveraging a sampling of over 600 Unit 42 IR cases, to help CISOs and secu

IBM Report: Consumers Pay the Price as Data Breach Costs Reach All-Time High (IBM Newsroom) IBM Security released the annual Cost of a Data Breach Report,1 revealing costlier and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for studied organizations.

Cost of a Data Breach Report 2022 (IBM Security) The Cost of a Data Breach Report offers IT, risk management and security leaders a lens into factors that can increase or help mitigate the rising cost of data breaches.

The global average cost of a data breach reaches an all-time high of $4.35 million (Help Net Security) IBM Security revealed the global average cost of a data breach in 2022 reached an all-time high of $4.35 million for studied organizations.

Global State of Ransomware Survey Reveals One in Three Organizations See Malicious Insiders as a Route for Ransomware (Business Wire) Gigamon, the leading deep observability company, today launched its first State of Ransomware 2022 and Beyond report aimed at providing valuable insig

Security Pros 'Running to Keep Up': Delinea Research Highlights That 60% of IT Security Decision Makers are Held Back from Delivering on IT Security Strategy (PR Newswire) Delinea, a leading provider of Privileged Access Management (PAM) solutions for seamless security, today announced findings from a global...

Cybersecurity: Benchmarking Security Gaps & Privileged Access (Delinea) What are IT security leaders doing to reduce the risk of attack, and where are they making investments? Global research report.

NCC Group Monthly Threat Pulse - June 2022 (Mynewsdesk) Ransomware threat scene continues to evolve with newly established Lockbit 3.0 ramping up activity and Conti, as we knew it, all but disappearing completely

Check Point Research: Weekly Cyber Attacks increased by 32% Year-Over-Year; 1 out of 40 organizations impacted by Ransomware (Check Point Software) Highlights: · Average weekly attacks per organization worldwide reached a peak of 1.2K attacks, a 32% increase year-over-year · Education/

Geopolitical strife impacting shift in ransomware attacks (Insurance Times) The cyber security firm discovered 59,259 cases of never before seen malware in March 2022 alone

Ransomware attacks fall in SonicWall's cyber threat report (Register) Be ready for a rebound, and protect yourself with patching and segmentation

Facing plenty of phish, employees need to get schooled (TechBeacon) Phishing attacks are getting costlier, more sophisticated, and more prolific. Cut the risk of being lured in when targeted by phishers. Go to school!

Tessian | 1 in 3 Employees Do Not Understand the Importance of Cybersecurity at Work, According to New Report (RealWire) Data from Tessian reveals the disconnect between security leaders and employees when it comes to security cultures July 26 2022 - New research from email security company Tessian reveals that a significant percentage of employees are not engaged in their organizations’ cybersecurity efforts and don’t understand their role in keeping their company secure

Marketplace

Resecurity acquires Cybit Sec to expand its threat intelligence capabilities in the Middle East (Help Net Security) Resecurity has acquired Cybit Sec, a vulnerability assessment and penetration testing (VAPT) company based in the United Arab Emirates (UAE).

Data Security Firm Sotero Raises $8 Million in Seed Funding (SecurityWeek) Data-focused security platform provider Sotero has raised $8 million in an extended seed funding round led by OurCrowd.

CrowdStrike said to target $2B acquisition of Israeli company (NASDAQ:CRWD) (SeekingAlpha) CrowdStrike (CRWD) is said to be close to announcing the acquisition of an Israeli company for as much as $2 billion. CrowdStrike is set to be setting up a large R&D center base on a...

Addressing the cyber skills gap (teiss) The Great Resignation might represent a challenge to the cyber security industry, it’s also an opportunity to rethink how we do things

Zscaler downgrade hits cyber security stocks as BTIG sees signs of slowdown (NASDAQ:ZS) (SeekingAlpha) Zscaler (ZS) shares more than 9% on Tuesday as investment firm BTIG downgraded the cyber security company, hitting other stocks in the sector.Analyst Gray Powell noted that Zscaler...

Startups That Hired Rapidly Learn the Virtue of Slowing Down (The Information) Sometimes slow and steady does win the race. Startups that raised a lot of money during the boom years—and avoided spending sprees—now look smart as venture funding dries up. One measure of whether startups will be able to outlast the current downturn is how many people they’ve hired relative to ...

Zuckerberg has a plan to rescue Meta, but can he convince his own employees? (The Verge) "Realistically, there are probably a bunch of people at the company who shouldn’t be here."

EY launches cybersecurity centers in NZ amidst rising cyber threats (SecurityBrief New Zealand) EY says its launching two of its globally recognised cyber security centers, one in Auckland and the second in Wellington, with a potential third in Christchurch.

One Identity Appoints Mark Logan as Company’s First-Ever Chief Executive Officer (One Identity) Technology Veteran Will Continue the Company’s Momentum In Becoming the World’s Leading Identity Security Company ALISO VIEJO, Calif., July 26, 2022 – <a href="/">One Identity</a>, a leader in unified identity security, today announced that Mark L...

Barracuda Networks appoints regional director for SEA, Korea (Digital News Asia) Philippe Cazaubon has been appointed as regional director for Southeast Asia and Korea at Barracuda Networks.

General Sir Chris Deverell joins Conceal Board of Advisors (Help Net Security) Conceal announced that General Sir Chris Deverell, the former Commander of the UK’s Joint Forces Command, has joined its board of advisors.

Former SSA senior IT adviser joins Accenture Federal Services (FedScoop) Veteran federal IT official Jarrett Booz has joined Accenture Federal Services as a senior manager. Booz moves to the private sector after a 25-year career in government, most recently as senior IT adviser within the Social Security Administration’s Office of Digital Transformation. Earlier in his career, he also worked at the National Security Agency for […]

XONA Bolsters Partner Program and Names Roneeta Lal Head of Channel Sales to Accelerate Adoption of Secure Remote Access Platform for Critical Infrastructure (Business Wire) XONA named Roneeta Lal as head of channel, expanded features of its partner program, and added its first internationally-based partner.

Citi Veteran Carl Froggett Joins Deep Instinct as Chief Information Officer (Deep Instinct) NEW YORK, NY July 27, 2022 – Deep Instinct, the first company to apply end-to-end deep learning to cybersecurity, today announced the addition of Carl Froggett to its executive leadership team as Chief Information Officer to support accelerating growth and continued international expansion. Froggett was formerly Head of Global Infrastructure Defense, CISO Cybersecurity Services at Citi.

Products, Services, and Solutions

Acuant Integrates with ServiceNow to Automate and Transform Onboarding and KYC Compliance for Financial Institutions (PR Newswire) Acuant, a GBG company and leading identity verification provider, today announced an integration with ServiceNow Financial Services Operations,...

JFrog Announces AWS Security Certification and Support for New AWS Vendor Insights (JFrog) JFrog today announced its DevSecOps tool, JFrog Xray, now supports AWS Security Hub, a cloud security posture management service that performs best practice checks, aggregates alerts, and allows automated remediation. JFrog, already part of the DevSecOps category under the AWS DevOps competency, also revealed it is participating in the new AWS Marketplace Vendor Insights, which helps streamline the complex third-party software risk assessment process by enabling JFrog to make security and compliance information available to customers through AWS Marketplace.

Lacework Helps Customers Innovate with Confidence On AWS (PR Newswire) Lacework, the data-driven cloud security company, today announced it has again achieved the compliance and privacy distinction in the Amazon...

IaC Security Leader oak9 Announces Native Integration with Microsoft A (PRWeb) oak9, developer-first IaC security leader, today announced it is now a Microsoft Azure IP co-sell partner and released a native integration for Azure Repos, continui

SecurityScorecard Makes Software Procurement Faster, Easier and More… (SecurityScorecard) Organizations can substantially reduce vendor security assessment time from months to hours Boston, MA - July 26, 2022 - SecurityScorecard , the global leader in cybersecurity ratings, announced at the AWS re:Inforce 2022 today it is making its vendor profile available to Amazon Web Services (AWS)…

Movius and Theta Lake Partner to Combine Industry Leading Voice and Text Solutions with Award-Winning Compliance (Business Wire) Movius, providers of trusted, secure, work-from-anywhere solutions for mobile voice, text, and WhatsApp and Theta Lake, a leader in modern communicati

Mastercard launches a new biometric payment system (Verdict) Mastercard launched its version of a biometric payment system. Shoppers will be able to pay by smiling or waving their hand.

Spot by NetApp Announces Continuous Security Solution for Cloud Infrastructure (Business Wire) NetApp® (NASDAQ: NTAP), a global, cloud-led, data-centric software company, today announced the general availability of Spot Security. Built for the c

Rapid7 Introduces New Layered Context Capabilities for InsightCloudSec (GlobeNewswire News Room) New capabilities seamlessly consolidate risk signals into a unified view that helps speed up prioritization, notification, and remediation of critical...

QuSecure’s Cybersecurity Solution Immediately Addresses NIST-Discovered Network Quantum Vulnerabilities (HPC Wire) QuSecure, Inc., a leader in post-quantum cybersecurity (PQC), today announced that QuProtect, the industry’s first end-to-end PQC software-based solution uniquely designed to protect encrypted communications and data with quantum-resilience using quantum secure channels, is positioned to address quantum vulnerabilities outlined by the recently announced National Institute of Standards and Technology’s (NIST) technology collaborators team

Sumo Logic Achieves AWS Security Competency Status for Cloud SIEM and SOAR Solutions (GlobeNewswire News Room) Recognition demonstrates commitment to providing award-winning protection against security threats...

OPSWAT Becomes AWS Security Competency Partner (GlobeNewswire News Room) Designation recognizes that OPSWAT has demonstrated and successfully met AWS’s technical and quality requirements for providing customers with...

CrowdStrike Introduces Industry’s First Cloud Threat Hunting Service Dedicated to Stopping Advanced Cloud-Based Attacks (CrowdStrike) CrowdStrike today introduced Falcon OverWatch Cloud Threat Hunting, the industry’s first standalone threat hunting service for cloud environments.

Censys Introduces Worldwide Channel Partner Program (PR Newswire) Today, Censys, the leader in Attack Surface Management (ASM), introduced its worldwide channel partner program with more than ten companies...

Teleport Eliminates Need for Passwords with Biometric Infrastructure Access Solution (PR Newswire) Teleport, the leading provider of identity-based infrastructure access management, today announced Teleport 10, the latest version of its...

Cyber Security Innovator Coro Launches Incubiz, a Unique Incubator Program to Discover and Develop the Next-Generation of Cyber Security Entrepreneurs (GlobeNewswire News Room) Coro’s new launchpad aims to close the national cyber security skills gap, provide equitable employment opportunities to the Illinois workforce, and...

Technologies, Techniques, and Standards

Banks Start Using Information-Sharing Tools to Detect Financial Crime (Wall Street Journal) Banks have long struggled to spot illicit transactions among the multitudes they process daily because criminals move dirty money from one institution to another to cover their tracks, leaving compliance staff with only a partial road map of their actions.

No More Ransom helps millions of ransomware victims in 6 years (BleepingComputer) The No More Ransom project celebrates its sixth anniversary today after helping millions of ransomware victims recover their files for free.

What Are the NSA K8s Guidelines and Why Should You Care? (Container Journal) The NSA's Kubernetes hardening guidelines are extensive and can feel overwhelming. Here's how you can comply with them.

Tanium expert on how organisations can build an effective defence against ransomware (Intelligent CIO Middle East) As instances of ransomware increase across EMEA, organisations must adopt a robust approach to cyber defence by prioritising prevention measures. Zac Warren, Chief Security Advisor, EMEA at Tanium, tells Jess Abell, Director of Strategic Content at Lynchpin Media, how organisations can strengthen their defences by enhancing endpoint visibility and reinventing their approach to patching. Despite […]

Design and Innovation

IBM claims it had a hand in NIST’s quantum-resistant crypto (Register) Big Blue says it helped developed the algos, so knows what it's doing

Academia

Higher ed's response to ransomware attacks lagged other sectors, survey suggests (Higher Ed Dive) Almost two-thirds of polled higher education institutions said they were hit in the last year by ransomware — and recovery times often exceed a month.

Legislation, Policy, and Regulation

European Commission bans official coordination with UK on key data issues, report (Computing) The move comes as both sides attempt to find a political solution to the deadlock on Northern Ireland protocol

DHS Convenes Regulators, Law Enforcement Agencies on Cyber Incident Reporting (Nextgov.com) The Department of Homeland Security started the clock on a report to Congress for streamlining requirements, amid industry dissatisfaction with the Cybersecurity and Infrastructure Security Agency’s pending reporting regime.

Congress wants further crackdown on spyware makers like NSO, after earlier import ban (9to5Mac) Congress is set to vote on The Intelligence Authorization Act, intended to further punish spyware makers like NSO. It follows evidence that the company’s Pegasus spyware was used to hack iPhones used by American diplomats. The Commerce Department had already named NSO as a threat to US national security, and banned the import and use […]

Congress goes after spyware purveyors. Will it make a difference? (CyberScoop) The crackdown on foreign commercial surveillance comes in the wake of high-profile attacks on diplomats and government officials abroad.

Quantum computing cyber legislation unveiled in Senate (SC Magazine) Sens. Rob Portman, R-Ohio, and Maggie Hassan, D-N.H., have introduced the Quantum Computing Cybersecurity Preparedness Act in the Senate in an effort to bolster quantum computing preparedness among federal agencies, following the legislation's passage in the House last month, according to SecurityWeek.

How the nation’s premier cybersecurity agency can handle its new procurement authority (Federal News Network) CISA is about to get its own procurement authority but could they grow too large too fast? Alan Thomas, the former commissioner of the GSA's Federal Acquisition Service, now the chief operating…

NIST’s Expanding International Engagement on Cybersecurity (NIST) In providing a foundation for cybersecurity advancements over the years, NIST has taken the global context into account when determining priorities and appro

Time to Separate CYBERCOM Or Get Off the Pot (OODA Loop) Recently, the U.S. Senate put forth a bill that would require annual briefings on the relationship between CYBERCOM and the NSA, with concerns being expressed how a dual-hatted leadership impacts either organization. These annual reports would presumably cover important areas such as the division and sharing of resources, how operational risk is being managed, assessments of the operating environment, and the operational effects resulting from the relationship between CYBERCOM and NSA. These reports could be very valuable if CYBERCOM and NSA are separated and under the helm of two different leaders and budget lines. There is a better chance of showing where the organizations are working well together, and where they are not. Problem areas can be more easily identified, and fiscal, material, and human resources reallocated accordingly and fairly.

Litigation, Investigation, and Law Enforcement

European Lawmaker Targeted With Israeli-made Predator Spyware (Haaretz) In wake of the Project Pegasus investigation, the European Parliament began checking lawmakers' devices – the head of the Greek socialist party’s phone had signs of an attempted infection

Coinbase Faces SEC Probe on Crypto Listings; Shares Tumble (Bloomberg) Regulator probing whether firm offered unregistered securities. Company has asked watchdog to clarify digital-asset rules.

Coinbase Promised Empowerment While Pushing Questionable Assets (Bloomberg) “Surely Coinbase should have found this before randoms on Twitter did?”

Kraken, a U.S. Crypto Exchange, Is Suspected of Violating Sanctions (New York Times) The Treasury Department is investigating whether the crypto exchange allowed users in Iran to buy and sell digital tokens, said people with knowledge of the matter.

Wawa to pay $8M for credit, debit card data breach by hackers (nj) Hackers stole data from 34 million transactions in Wawa stores and at its gas pumps over an eight-month period in 2019.

Southern Co-op's use of facial recognition system is Orwellian, privacy group (Computing) Southern Co-op says it will appreciate any constructive feedback from the ICO

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Aug 15 - 19, 2022) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps.

Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Sep 26 - Jul 30, 2022) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps.

Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Oct 17 - 21, 2022) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps.

Events

Digital safety snacks: Protect yourself from online abuse with short videos and workshops (Virtual, Jun 13 - Jul 28, 2022) PEN America, the Online News Association, and the International Women’s Media Foundation have teamed up to create step-by-step videos and hands-on workshops to help you defend yourself against online abuse. We’ll explain how to protect your most sensitive accounts from hackers and how to dox yourself before someone else does. We want to empower you to feel safer and more secure while maintaining the public profile you need to do your job. This series will include eight short video episodes and four virtual workshops, when you can follow along to complete your digital wellness check, ask questions, and get help if you get stuck. You can join one, two or all four sessions.

AWS re:Inforce (Boston, Massachusetts, United States, Jul 26 - 27, 2022) Exclusively for listeners of the Cyberwire Podcasts, register for AWS re:Inforce using code ALUMLBzyE6B6 to receive $300 off your full conference registration for AWS re:Inforce while supplies last. Join us at this year’s re:Inforce to hear from AWS leaders, builders, and experts about the latest advancements in AWS security, compliance, identity, and privacy solutions—including actionable best practices your business can use immediately. Sessions are offered at all levels and for all backgrounds, from beginner to expert and business to technical.

Cyber Risk Summit 2022 (Virtual, Jul 27, 2022) The CyberRisk Summit showcases the leading minds, best practices, and tech in cyber risk management. Join us to learn how innovators own risk across all cyber surfaces.

ICS/OT Cyber Threats, Vulnerabilities, and Incidents: Past and Present (Columbia and virtual, Maryland, USA, Jul 27, 2022) Gain an in-depth look at old case studies and new research across 2021 highlighting new ICS threat groups, vulnerabilities, and insights from the field including incident response case studies of previously unreported incidents. This session will give a ground-truth reality and primer on what is really happening in our industrial environments.

Black Hat USA 2022 (Las Vegas (and virtual), Nevada, USA, Aug 6 - 11, 2022) Black Hat USA 2022 will be a hybrid conference, offering both a virtual (online) event and a live, in-person event at Mandalay Bay in Las Vegas, August 6-11. You’ll find the same high-quality content and networking opportunities that you’ve come to expect at our Black Hat events, in whichever format you choose.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

IBM on the cost of a data breach: automation pays, and so does incident response planning. Personal apps as a potential business risk. Help wanted (C2C edition). CISA issues five ICS security advisories. Preparing for renewed Russian cyber offensives. Privateers and profit.