Three ransomware ops: BianLian, Cuba, and Ragnar Locker. Recruiting for gangland. Mobile app supply chain vulnerabilities.

Announcement

Call for entries: Creating Connections.

The CyberWire, in partnership with Maryland Art Place (MAP), is pleased to announce an open ‘Call to Artists’. As an extension of MAP’s annual IMPRINT Project, MAP is working with the CyberWire to offer a unique opportunity to female and female identifying visual artists of the greater Baltimore metropolitan area. Collectively, MAP and the CyberWire wish to acquire and possibly commission, time permitting, plus license the image of a work of art. The image of that artwork will be reproduced in a limited edition and presented to the guests of the CyberWire’s 2022 Women in Cybersecurity reception on October 20, 2022. The deadline for submissions is September 5th, 2022.

Summary

By the CyberWire staff

At a glance.

The BianLian ransomware gang is better at coding than at the business of crime.
Attack on Montenegro determined to be ransomware.
Ragnar Locker's current interests.
Recruiting for gangland.
Mobile app supply chain vulnerabilities.

The BianLian ransomware gang is better at coding than at the business of crime.

Security firm [redacted] ("[redacted]" is the company's name, not an editorial bowdlerization) today released a study of a ransomware operation they've been tracking. The gang calls itself "BianLian," and uses custom malware written in the Go language. That malware is resistant to reverse engineering, [redacted] says, but not completely uncrackable. BianLian has tended to use the ProxyShell vulnerability to gain initial access to its targets, and it has shown a preference for targeting servers that provide remote access. As a double-extortion operation, BianLian maintains a dumpsite where it can post data stolen from its victims. The gang chooses its victims largely from companies based in North America, Australia, and the United Kingdom; the companies range in size from small businesses to big multinationals.

BianLian seems unrelated to the Android banking Trojan that's been referred to by the same name. And, while many ostensibly new ransomware groups in fact represent rebrandings of existing groups, or have formed from the remnants of gangs disrupted by law enforcement, [redacted] thinks that BianLian is actually a new group. "While there is a long history of seemingly new ransomware groups rising from the ashes of defunct and/or rebranded groups, we do not have any indications at this time to suggest that is the case with BianLian. For all intents and purposes, the BianLian group appears to represent a new entity in the ransomware ecosystem." They're better at coding than at the business of crime. "Furthermore, we assess that the BianLian actors represent a group of individuals who are very skilled in network penetration but are relatively new to the extortion/ransomware business." Some of their missteps have been:

"Mistakenly sending data from one victim to another."
"Possessing a relatively stable backdoor toolkit, but have an actively developing encryption tool with an evolving ransom note."
"Long delays in communications with victims."

They can be expected to up their game as long as they're at liberty. The usual best practices against ransomware should help protect organizations against BianLian.

Free Whitepaper | 10 Ways Asset Visibility Builds the Foundation for OT Cybersecurity

Asset visibility is at the foundation of an effective operational technology (OT) cybersecurity strategy. Many core cybersecurity program pillars depend on having rich and complete asset visibility with intelligence-driven context. This whitepaper provides insight into 10 distinct ways that asset visibility helps inform a broader strategy for OT visibility. Download now →

Attack on Montenegro determined to be ransomware.

Montenegro, which continues to work to recover government systems from a cyberattack it's blamed on Russia, have now, Reuters reports, called the incident ransomware. The country's Public Administration Minister, Maras Dukaj, said that no ransom demand had yet been received, but that some stolen data had been spotted online. Dukaj said, "We have already got an official confirmation, it can also be found on the dark web where the documents that were hacked from our system's computers will be published." Thus the attack, which has substantially disrupted public services in the Balkan country, seems to be a double-extortion attack.

The gang that's claimed responsibility is the Cuba ransomware group, according to ITPro. Cuba is a Russophone operation that has nothing to do with Havana. The FBI described Cuba in December of last year. In April of this year security firm Profero linked Cuba to Russia, with their attribution based largely on linguistic cues. In June Trend Micro researchers reported a surge in Cuba's activity, along with the gang's deployment of some new tools. It seems likely that the operation against Montenegro represents Russian privateering; in any case the government in Podgorica hasn't backed away from its announced conclusion that the campaign represents Russian retaliation for Montenegro's support for Ukraine. CyberNews has published a screenshot of Cuba's claim-of-hack, and briefly describes the circumstantial case for linking the gang to Russia.

The disruptions to public services in Montenegro have been serious enough for the US embassy to issue, TechCrunch reports, an unusual warning to US citizens, advising them that the “persistent and ongoing” cyberattack "may include disruptions to the public utility, transportation (including border crossings and airport), and telecommunication sectors.” US citizens are advised to limit their travel, review their personal security plans, and stay aware of their surroundings.

The AP reports that the US Federal Bureau of Investigation (FBI) has dispatched a response team to Montenegro to assist the Ministry of Justice with its investigation.

The CyberWire's continuing coverage of the unfolding crisis in Ukraine may be found here.

Is your company passionate about empowering women to succeed in the cyber security industry?

The CyberWire’s Women in Cybersecurity reception is returning this fall. Support the premiere networking event that highlights and celebrates the value and successes of women in the cybersecurity industry. Leaders from the private sector, academia, and government from across the region and at varying points on the career spectrum can connect with each other to strengthen relationships while building new ones. Consider sponsoring the event. Limited sponsorships are available. View our available sponsorships and benefits.

Ragnar Locker's current interests.

Cybereason this morning published an account of the Ragnar Locker threat actors. Their key findings confirm much of what's long been known or suspected about the operation, and adds details on the group's evolution. Ragnar Locker has joined other ransomware actors (like Cuba and the former Conti group) in paying particular attention to the energy sector. Ragnar Locker has claimed, for example, the Greek natural gas delivery company DESFA as one of its victims.

Active for at least three years, Ragnar Locker has become increasingly evasive. Its ransomware now "checks if specific products are installed, especially security products (antivirus), virtual-based software, backup solutions and IT remote management solutions." And, of course, it's aligned with Russia. "Ragnar Locker avoids being executed from countries since the group is located in the Commonwealth of Independent States (CIS)." The CIS is an association of former Soviet Republics that have remained in a more-or-less uneasy with the Russian heir to the USSR.

Recruiting for gangland.

Digital Shadows has published a report on how cybercriminals are skirting bans of ransomware-related content on underground forums. Two of the most popular criminal forums, XSS and Exploit, banned recruitment for ransomware affiliates after the Colonial Pipeline attack last year, in order to avoid being targeted by law enforcement.

In response, forum users began wording their posts in a way that doesn’t explicitly mention ransomware. For example, instead of stating that they’re seeking ransomware affiliates, the crooks will say their “team is looking for pentesters.”

The researchers conclude, “Overall, in practical terms, there is almost no compliance with the forum bans on commercial ransomware content on Exploit and XSS. The trade seems to be alive and well on these platforms. For those who wish to recruit affiliates or buy and sell ransomware, success is only a carefully-worded post away.”

Mobile app supply chain vulnerabilities.

The Symantec Threat Hunter Team, part of Broadcom Software, released a blog yesterday detailing mobile app supply chain vulnerabilities. The team says that issues with the supply chain in relation to mobile apps include:

“Mobile app developers unknowingly using vulnerable external software libraries and SDKs,”
“Companies outsourcing the development of their mobile apps, which then end up with vulnerabilities that put them at risk,”
“Companies, often larger ones developing multiple apps across teams, using cross-team vulnerable libraries in their apps”

Over 1,800 apps were identified to contain hard-coded AWS credentials, of which 98% were iOS apps. 77% contained valid AWS tokens that allow access to AWS cloud services, and 47% included tokens that gave access to numerous files via the Amazon Simple Storage Service. Interestingly, over half of the AWS tokens discovered were found to be used in other apps, even from differing developers and companies, and were traced to shared components within apps.

Notes.

Today's issue includes events affecting Australia, China, the European Union, Greece, Montegnegro, Russia, Ukraine, the United Kingdom, and the United States.

Dateline Moscow, Kyiv, Podgorica: A counteroffensive, recruiting troubles, and privateering.

Ukraine at D+189: The third day of Ukraine's counteroffensive. (CyberWire) Ukraine claims to have made slow but significant progress in its counteroffensive around Kherson. Isolation of the battlefield continues, with rocket strikes against bridges and airstrikes against Russian air defense radars. Russia continues to look for a solution to its manpower shortages. And the cyberattack against Montenegro is now known to be a ransomware campaign.

Russia-Ukraine war: List of key events, day 190 (Al Jazeera) As the Russia-Ukraine war enters its 190th day, we take a look at the main developments.

Ukraine exploits Russia’s ‘thin’ defences in Kherson counter-offensive (The Telegraph) Kyiv has pushed back the front line by ‘some distance’, according to the Ministry of Defence

Ukraine nuclear reactor shut down due to shelling, operator says (Reuters) One of two operational reactors at Ukraine's Russian-held Zaporizhzhia nuclear plant complex has been shut down due to Russian shelling, operator Energoatom said on Thursday.

Ukraine war: Zaporizhzhia reactor 'shut down' amid heavy shelling (The Telegraph) One of the six reactors at a Russian-held nuclear plant in southern Ukraine has shut down as an emergency protection measure after shelling in the area, Ukraine's nuclear agency said.

Russia-Ukraine war: UN inspectors reach Zaporizhzhia nuclear plant despite reports of shelling – live (the Guardian) IAEA team seen arriving at the plant in a large convoy with a heavy presence of Russian soldiers nearby

Ukraine exploits Russia’s ‘thin’ defences in Kherson counter-offensive (The Telegraph) Kyiv has pushed back the front line by ‘some distance’, according to the Ministry of Defence

Zero Hour in Ukraine (Puck) There is understandable trepidation in Washington and Kyiv as Ukraine mounts a stunning counteroffensive. Should it succeed, it would solidify Ukraine’s reputation as the military comeback kid. If it fails, it could make this winter’s triumph look like a fluke—and embolden Putin for a new wave of horrors.

WSJ News Exclusive | Ukrainian Soldiers Say They Are Advancing in the South, but at a Cost (Wall Street Journal) Ukrainian army units are pushing toward the city of Kherson, but Ukrainian officials and military analysts have said losses could be high, even if the offensive is successful.

Ukraine war: Intense fighting rages as Kyiv 'breaks through' Russian defences in Kherson (The Telegraph) "Heavy fighting" has broken out across nearly all of the southern Kherson region, after Ukrainian forces broke Russian defences in their long-awaited counter-offensive to retake the territory.

Alcohol-swigging Russian soldier kills two FSB officers in drunken shootout (The Telegraph) Deadly row in a cafe in occupied Kherson shows chaotic nature of Kremlin forces

Russia's military suffering manpower shortages -U.S. intelligence (Reuters) The Russian military is suffering manpower shortages as it battles Ukraine and is seeking to recruit contract service members and may even draw in convicted criminals, a U.S. official said on Wednesday, citing U.S. intelligence.

A Draft for Russia’s Army? Putin Opts for Domestic Stability Instead. (New York Times) Western officials are puzzled by the Russian leader’s decision to avoid mass conscription. But analysts say he is intent on maintaining a sense of normalcy to prevent any public backlash.

Ukraine is using a ghost army of fake HIMARS to trick Russian artillery (Task & Purpose) Ukraine has found a useful tactic: Wooden artillery decoys designed to trick Russia into wasting munitions.

Why Washington should provide ATACMS weapons to Ukraine (Defense News) The ATACMS can help Ukraine defeat the invasion while avoiding direct conflict between Russia and NATO.

Montenegro blames criminal gang for cyber attacks on government (Reuters) Montenegro on Wednesday blamed a criminal group called Cuba ransomware for cyber attacks that have hit its government digital infrastructure since last week, described by officials as unprecedented.

FBI's team to investigate massive cyberattack in Montenegro (AP NEWS) A rapid deployment team of FBI cyber experts is heading to Montenegro to investigate a massive, coordinated attack on the tiny Balkan nation's government and its services, the country's Ministry of Internal Affairs announced Wednesday.

US issues rare security alert as Montenegro battles ransomware (TechCrunch) The U.S. Embassy issued an unprecedented warning about an "persistent and ongoing" cyberattack in the eastern European country.

Cuba ransomware group claims attack on Montenegro government (IT PRO) The double extortion specialists claim to have stolen the data days before Montenegro announced a sustained and co-ordinated series of cyber attacks targeting it from Russia

Cuba Ransomware Team claims credit for attack on Montenegro (Databreaches.net) When Montenegro claimed Russian hackers attacked them, most of us probably didn’t think about the Cuba ransomware team, but the Cuba group claimed credit for the attack.

Montenegro blames Cuba ransomware for cyberattack (Cybernews) The cyberattack that crippled the Montenegro government’s digital infrastructure was likely carried out by a Russia-linked Cuba ransomware gang, authorities claim.

Cybercriminals Apparently Involved in Russia-Linked Attack on Montenegro Government (SecurityWeek) Montenegro’s government was recently hit by a massive Russian cyberattack and the Cuba ransomware group may have been involved.

Meme war: You can pay to get memes painted on Ukrainian artillery, bombs, and rockets (Task & Purpose) There’s at least one Ukrainian artillery battery that will combine your love of trolling with high explosive munitions.

The Undignified Fall of Russia’s Once-Dignified Diplomatic Corps (Foreign Policy) Russian diplomats were once viewed with begrudging respect in the West. Now they’re seen as irrelevant mouthpieces for Putin’s war in Ukraine.

EU agrees to suspend Russian visa facilitation deal - but no blanket ban (The Telegraph) The EU has agreed to suspend a visa facilitation deal with Russia, but stopped short of a blanket ban as requested by Ukraine.

Russia just exported the most oil in any August on record, with Greek tankers handling most of the cargoes (Markets Insider) "Russia is exporting more crude than ever," the Institute for International Finance said, adding that Greek-owned tankers were doing much of the work.

WSJ News Exclusive | U.S., Allies Prepare to Outline Plan to Limit Price of Russian Oil (Wall Street Journal) Western nations will set out a plan Friday to reduce Russian energy revenues without increasing global oil prices.

Russia halts natural gas flows via Nord Stream 1 pipeline, intensifying the pressure on Europe in its energy crisis (Markets Insider) Moscow is choking off Europe's energy supply to hit back against Western sanctions imposed after the invasion of Ukraine.

Putin has pulled off a shock win that could destroy the free world (The Telegraph) The Kremlin’s energy war is pushing Europe and the UK towards economic meltdown and socialism

Satellite phones, a safe house in the mountains, and cash reserves: How one Ukrainian tech company's extensive war-prep plan enabled it to grow amid the Russian invasion and even aid the fight (Business Insider) WeSoftYou founder Maksym Petruk said its war prep gave employees' families a sense of safety and got the company back to 90% operational in two days.

Mikhail Gorbachev had 'huge impact on the course of world history', says Vladimir Putin (The Telegraph) Vladimir Putin expressed 'deepest condolences' after the 91-year-old died following a 'serious and prolonged illness'

History's bookends: Putin reversed many Gorbachev reforms (AP NEWS) One stood for freedom, openness, peace and closer ties with the outside world. The other is jailing critics, muzzling journalists, pushing his country deeper into isolation and waging Europe’s bloodiest conflict since World War II.

Mikhail Gorbachev: No state funeral for leader who oversaw Soviet Union’s collapse (The Telegraph) Kremlin says former Soviet leader was wrong to trust the ‘bloodthirsty’ West

The defining moments and fall of Mikhail Gorbachev's political career (The Telegraph) The former Soviet leader became invisible when he was placed under house arrest, leading to the rise of Boris Yeltsin

The West’s Illusions About Gorbachev and the Victory of Liberalism (New York Times) As the Soviet Union’s final leader, Mikhail Gorbachev dreamed of a “common European home,” but three decades later that tantalizing idea remains out of reach.

Attacks, Threats, and Vulnerabilities

Chile says gov’t agency struggling with ransomware attack (The Record by Recorded Future) Chile’s cybersecurity incident response team said an unnamed government agency is dealing with a ransomware attack that started last Thursday.

Hackers Hit Italian Oil Giant Eni’s Computer Network (Bloomberg) Eni evaluating consequences, saying they “are currently minor.” Earlier this week energy agency GSE suffered malware attack.

THREAT ANALYSIS REPORT: Ragnar Locker Ransomware Targeting the Energy Sector (Cybereason) The Cybereason Global Security Operations Center (GSOC) Team issues Threat Analysis Reports to inform on impacting threats. The Threat Analysis Reports investigate these threats and provide practical recommendations for protecting against them.

Hacker Infrastructure Used in Cisco Breach Discovered Attacking a Top Workforce Management Corporation & Russia’s Evil Corp Gang Suspected, Reports eSentire (eSentire) eSentire's Threat Response Unit discovered that the IT infrastructure used to attack Cisco in May 2022 was also used in an attempted compromise of one of its clients in April 2022. Learn more about the threat actors behind this attack, how they gained network access, tools used and tips to protect…

BianLian Ransomware Gang Gives It a Go! ([redacted]) [redacted] gives our clients control—not just over the security of their business, but also over their adversaries. We offer end-to-end security with the unique ability to attribute and pursue attackers.

Behind the News: The Ragnar Locker Attack on Greek Natural Gas Supplier DESFA - Radiflow (Radiflow) We provide analysis of the Ragnar Locker ransomware and data interception attack on Greek Natural Gas Supplier DESFA's IT & OT operations.

Deep Dive into a Corporate Espionage Operation (Bitefender) Corporate espionage is on the rise targeting smaller organizations rather than enterprises. Learn what it is and recommendations on how to combat it.

Mobile App Supply Chain Vulnerabilities Could Endanger Sensitive Business Information (Broadcom Software Blogs / Threat Intelligence) Over three-quarters of the apps Symantec analyzed contained valid AWS access tokens that allowed access to private AWS cloud services.

TikTok bug discovered by Microsoft allows one-click account hijack (Computing) The security issue has been fixed by TikTok so users should ensure they are on the latest version

A ‘high severity’ TikTok vulnerability allowed one-click account hijacking (The Verge) A malicious link would have been enough to take over a profile.

Ragnar Locker ransomware claims attack on Portugal's flag airline (BleepingComputer) The Ragnar Locker ransomware gang has claimed an attack on the flag carrier of Portugal, TAP Air Portugal, disclosed by the airline last Friday.

Attackers now actively use silver offensive security framework (IT World Canada) Microsoft security experts believe that the Silver framework is actively used by cyberattackers to carry out intrusion campaigns.

Hacker Uses James Webb Space Telescope Image for Malware Attack (PCMAG) The hacker's rigged image, which carries computer code to help execute a malware program, can bypass antivirus detection.

Hackers Snuck Malware into an Image From the Webb Space Telescope (Gizmodo) A piece of the malware is hidden within a copy of SMACS 0723, the first full-color image from the Webb Space Telescope.

Webb's deep field picture infected with malware (Cybernews) The James Webb Space Telescope’s scientific endeavor has grasped our attention, reporting news about the early universe. As is typical with trends, threat actors followed, exploiting one of Webb’s pictures to deliver the payload.

Migration policy org confirms cyberattack after extortion group touts theft (The Record by Recorded Future) The International Centre for Migration Policy Development (ICMPD) confirmed on Wednesday it suffered a cyberattack that led to a data breach.

Sharing is NOT caring: Android apps that can’t get enough of you - Incogni Blog (Incogni Blog) Taking inspiration from Apple's “privacy labels”, Google first announced the introduction of its new data safety section back in 2021. Finally, since July 20

Real Money, Fake Musicians: Inside a Million-Dollar Instagram Verification Scheme (ProPublica) A jeweler. A plastic surgeon. An OnlyFans Model. They and others received a blue check in likely the biggest Instagram verification scheme revealed to date. After ProPublica started asking questions, Meta removed badges from over 300 accounts.

“Looking for pentesters”: How Forum Life Has Conformed to the Ransomware Ban (Digital Shadows) Digital Shadows consistently monitors ransomware groups and cybercriminal forums, tracking their victims behavior, and related chatter. Read more.

Security Patches, Mitigations, and Software Updates

Apple Fixed a Serious iOS Security Flaw—Have You Updated Yet? (WIRED) Plus: Chrome patches another zero-day flaw, Microsoft closes up 100 vulnerabilities, Android gets a significant patch, and more.

Apple backports fix for actively exploited iOS zero-day to older iPhones (BleepingComputer) Apple has released new security updates to backport patches released earlier this month to older iPhones and iPads addressing a remotely exploitable WebKit zero-day that allows attackers to execute arbitrary code on unpatched devices.

Chrome patches 24 security holes, enables “Sanitizer” safety system (Naked Security) 24 existing bugs fixed. And, we hope, numerous potential future bugs prevented.

Trends

Creating Connections: Starting early. (CyberWire) We are moving into the fall. Time is still moving in a sometimes really fast, and also sometimes weirdly slow way thanks to the legacy of the pandemic.

Self-harm posts are surging on Twitter, despite breaking content rules (Washington Post) Self-harm-related hashtags have increased roughly 500 percent since October, a new report says

Cybersecurity risk disclosures and oversight (EY) Learn how enhanced cybersecurity-related disclosures help stakeholders and investors to make them understand to govern cybersecurity risks.

Marketplace

ConnectWise Announces Acquisition of Wise-Sync (GlobeNewswire News Room) ConnectWise partners to benefit from an integrated payment processing platform built into ConnectWise Manage and now, ConnectWise Sell...

CRN Fast50 firm Wise-Sync acquired by ConnectWise (CRN Australia) Melbourne firm enables MSP giant to take first step into payment processing.

CrowdStrike Reports Second Quarter Fiscal Year 2023 Financial Results (CrowdStrike) Ending ARR grows 59% year-over-year to reach $2.14 billion. Achieves record net new ARR of $218 million with accelerating year-over-year growth. Adds record 1,741 net new subscription customers. Cash flow from operations of $210 million grows 94% year-over-year, free cash flow of $136 million grows 84% year-over-year

CACI wins $5.7 billion award to start privatizing Air Force network management (Federal News Network) The ten-vendor team led by CACI will be responsible for "Wave 1" of the Air Force's EITaaS rollout, focusing on end-user devices, IT service management and support services.

Telstra to tear out Digicel’s Huawei equipment in ‘next refresh’ (Australian Financial Review) Oliver Camplin-Warner, Telstra International chief executive, said the Papau New Guinea-based telco would remove equipment from the Chinese state-owned infrastructure company due to national security concerns.

Incode Expands Executive Team, Appointing New Global Vice President of Growth and Enablement (PR Newswire) Incode, the next-generation identity verification and authentication platform for global enterprises, today announced the appointment of...

Skyhigh Security Appoints John N. Stewart as Executive Advisor (Business Wire) Skyhigh Security today announced the appointment of John N. Stewart, angel investor and President at Talons Ventures, as Executive Advisor. Stewart wi

Barracuda names Chris Ross as Chief Revenue Officer Posted date: 2022-09-01 3:00 AM (Barracuda) Barracuda, a trusted partner and leading provider of cloud-first security solutions today announced that security, storage and channel veteran Chris Ross has been appointed Chief Revenue Officer (CRO), responsible for worldwide sales and partnerships. Ross joined Barracuda in 2015 as senior vice president of international sales and brings over 30 years of technology experience to the company.

Products, Services, and Solutions

Palo Alto Networks Strengthens Its Protection for SaaS Applications and Reinforces ZTNA 2.0 With New Capabilities (Palo Alto Networks) The introduction of SaaS Security Posture Management (SSPM), powered by the company's Next-Gen CASB technology, reduces data breaches related to SaaS misconfigurations SANTA CLARA, Calif., Aug....

Netenrich Resolution Intelligence Cloud Now on Google Cloud Marketplace (Netenrich) Resolution Intelligence Cloud is a data analytics SaaS platform for managing secure operations. We are now available on Google Cloud Marketplace.

Strider Technologies Partners with Mandiant to Protect Against Intellectual Property Theft from State-Sponsored Actors - Strider | Prevent intellectual property theft and supply chain vulnerabilities (Strider | Prevent intellectual property theft and supply chain vulnerabilities) Strider Technologies, Inc. (“Strider”) today announced a new strategic partnership with Mandiant to deliver joint customers access to the Strider Shield™ dataset as part of their suite of Mandiant Insider Threat Security Services. The partnership is designed to provide organizations with actionable and contextualized insights that will help […]

(ISC)² Launches Certified in Cybersecurity℠ Entry-Level Certification to Address Global Workforce Gap (PR Newswire) (ISC)² – the world's largest nonprofit association of certified cybersecurity professionals – today announced a landmark expansion of its...

(ISC)² Candidates Make Cybersecurity Career Success Accessible to More People (PR Newswire) (ISC)² – the world's largest nonprofit association of certified cybersecurity professionals – today launched (ISC)² Candidates for individuals...

(ISC)² Opens Global Enrollment for One Million Certified in Cybersecurity (PR Newswire) /PRNewswire/ -- (ISC)² – the world's largest nonprofit association of certified cybersecurity professionals – today announced that the (ISC)² One Million...

Styra Further Shifts Security Left With New Policy-as-Code Repository Scanning (Business Wire) Styra introduces Repo Scan as the newest feature in the Styra Declarative Authorization Service (DAS).

Traceable AI Announces API Security Testing (PR Newswire) Traceable AI, the industry's leading API security and observability company, today announced the general availability of its API Security...

IHSE USA Debuts Draco tera KVM-over-IP Gateway (InGear) The Draco tera IP Gateway Combines the Security and Performance of the Draco tera KVM System to Create the Ultimate Bridge to KVM Matrices over IP Networks

Tenacity platform enhancements provide visibility into entire AWS and Azure cloud infrastructure (Help Net Security) Tenacity Cloud launched agentless, automated and self-directed activation capability with immediate deployment within its platform.

Technologies, Techniques, and Standards

CISA Seeks Software Engineers to Build New Registrar for .Gov Domain (Nextgov.com) The agency is taking new hiring authorities out for a spin in the recruitment effort to make state and local government websites more secure

NCSC and Federal Partners Focus on Countering Risk in Digital Spaces during National Insider Threat Awareness Month 2022 (ODNI) NCSC and Federal Partners Focus on Countering Risk in Digital Spaces during National Insider Threat Awareness Month 2022 For Immediate Re...

Academia

Cyberbit Launches First Hyper-Realistic Cyber Security Tournament for Higher Education (PR Newswire) Cyberbit, provider of the world's leading cyber readiness and skills development platform, has announced the International Cyber League:...

NACD, Carnegie Mellon University, and Ridge Global Unveil Updated Cyber Certificate Program for Board Directors (NACD) The National Association of Corporate Directors (NACD), the authority on boardroom practices representing more than 23,000 board members, today announced the release of new improvements to its CERT Certificate in Cyber-Risk Oversight Program.

Legislation, Policy, and Regulation

U.S. Restricts Sales of Sophisticated Chips to China and Russia (New York Times) Limits were placed on high-end GPUs that power supercomputers and artificial intelligence, said Nvidia and AMD, two Silicon Valley chip makers.

Nvidia, AMD warned of new US export restrictions on AI chips (Protocol) The U.S. government has issued new export licensing requirements to Nvidia and AMD for export to China and Russia of the advanced GPUs used for AI.

Australia’s New Anti-Encryption Law Is Unprecedented and Undermines Global Privacy (Foundation for Economic Education) If firms don't have the power to intercept encrypted data for authorities, they will be forced to create tools to allow law enforcement or government to have access to their users’ data.

The European Union Opens “Tech Embassy” in Silicon Valley Ahead of New Technology Regulations (Snell & Wilmer) Snell & Wilmer is one of the largest law firms in the western Unites States.

The FTC May (Finally) Protect Americans From Data Brokers (WIRED) The agency’s lawsuit against Kochava should squash the industry’s core defense—and help keep sensitive info off the open market.

FTC ANPR Notice Explores Wide-Ranging Topics for Privacy and Cybersecurity Rulemaking (Lexology) On Thursday, August 11, the U.S. Federal Trade Commission (FTC) announced that it is exploring rules to crack down on harmful commercial surveillance…

Plugging Cyber Holes in Federal Acquisition (Meritalk) By Ken Walker, President & Chief Executive Officer, Owl Cyber Defense

NSA, Cyber Command mobilizing Election Security Group to fight foreign cyberattackers (The Washington Times) The National Security Agency and Cyber Command have activated their Election Security Group tasked with disrupting foreign cyberattackers aiming to hack or interfere with the upcoming midterm elections, assembling a team to combat threats coming from China, Iran and Russia.

The IRS will be more like the NSA after Biden’s changes (The Hill) President Biden and the Democrats are setting up the IRS as the next three-letter intelligence agency, with the rapid expansion of the service’s power and payroll. Changes resulting from the improp…

US Army to launch offensive cyber capabilities office (Defense News) Offensive cyber is defined as “operations intended to project power by the application of force in or through cyberspace,” according to NIST.

Army to create new offensive cyber and space program office (FedScoop) The Army will create a new offensive cyber and space program office in 2023, spinning it off from its electronic warfare portfolio, according to officials. The new colonel-led, or O-6 level, program office will be under Program Executive Office Intelligence Electronic Warfare and Sensors and will be aptly called Program […]

Litigation, Investigation, and Law Enforcement

DHS watchdog digs into uneven cyber awareness training, outdated policies (FCW) Some DHS policies and procedures aren’t up-to-date with the latest cybersecurity standards, a new report from the Office of the Inspector General at DHS says. The department, however, says that it’s taking action to mature their training program.

Experts, not MPs, should assess NHS data sharing - NDG (Computing) Independent advisor National Data Guardian for Health and Social Care urges more public involvement in decisions over health data

Sephora fined $1.2m over alleged consumer privacy breach in California (Cosmetics Business) The California Consumer Privacy Act was implemented in 2018 to give consumers more control over the personal information that businesses collect about them

US asked British spy agency to stop Guardian publishing Snowden revelations (the Guardian) Head of GCHQ rebuffed late-night request from National Security Agency amid strained relations in Five Eyes intelligence coalition

Opinion The Mar-a-Lago case is about national security, not politics (Washington Post) To protect our national security, we need to take politics out of the Mar-a-Lago documents case.

State Department debars ex-NSA cyber mercenaries who aided vast UAE surveillance operation (CyberScoop) The former intelligence operatives worked in a hacking unit of the cybersecurity firm DarkMatter, which is known for developing spyware.

Final Thoughts on Ubiquiti (KrebsOnSecurity) Last year, I posted a series of articles about a purported "breach" at Ubiquiti. My sole source for that reporting was the person who has since been indicted by federal prosecutors for his alleged wrongdoing – which includes providing false…

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

2022 SINET16 Innovator Award – Live Winners Announcement (Virtual, Sep 7, 2022) Winners of the 12th annual SINET16 Innovator Award will be announced during a live webinar on September 7th by Robert Rodriguez, Chairman & Founder of SINET alongside Siddhant Trivedi, Partner at Foundation Capital and Shaun Khalfan, SVP Chief Information Security Officer at Discover Financial Services. This year, 193 early-stage companies applied to be SINET16 Innovators, who were scored by an esteemed group of 117 judges representing Fortune 500 CISOs, Risk Executives, and the world’s leading venture capitalists and investment bankers. The 16 most innovative and compelling companies were selected.

Uniting Women in Cyber 2022 (McLean, Virginia, USA, Sep 27, 2022) Uniting Women in Cyber, the premier annual conference hosted by The Cyber Guild, is a flagship event that welcomes and unites individuals from all walks of life, stages in their careers, and career interests, in Cybersecurity. Cyber is everywhere and our security, from a national to a personal perspective, whether privatizing data or shifting a collective “ripe for the taking” mindset through dis/information,- should be of paramount importance and is central to how we should educate this and future generations. UWIC ’22 “Stronger Together” will focus on workforce advancement and security (national and personal) from both industry and government perspectives. We will discuss the benefits of including non-traditional talent and the importance of psychological safety, as well as discuss government agencies and leading industry cybersecurity agendas This conference will unpack the human considerations around our culture and societal norms, transitioning paths for professionals, developing non-traditional talent, and unearthing mindsets that will enable change and growth.

BlackBerry Security Summit 20022 (New York, and virtual, New York, USA, Oct 26 - 28, 2022) Expand your defenses for an expanding attack surface. Join BlackBerry executives and world-renowned speakers to learn how to fight malicious actors and empower a hybrid workforce in today's challenging multi-workload, multi-cloud, and multi-workspace IT environment. The Summit meets in-person on October 26th at the New York Stock Exchange (the in-person event is by invitation only). It also meets viturally on October 26th through 28th.

Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Nov 28 - Dec 2, 2022) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps. Learn more and register now.

Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Jan 9 - 13, 2023) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps. Learn more and register now.

Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Feb 6 - 10, 2023) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps. Learn more and register now.

Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Mar 13 - 17, 2023) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps. Learn more and register now.

Events

13th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 7 - 9, 2022) The world's leading government summit on cybersecurity will continue its unique educational mission of convening the who's who in cybersecurity: the senior leadership from the U.S. government, our allied partners, and their industry and academic partners. Given the fast moving strategic direction that the Biden Administration has generated over the past year, this event will take a holistic view of the cybersecurity business with a hearty dose of topics covering Zero Trust, proactive cyber defense measures, partnership building, offensive cyber, and a continued look at what the future will bring to the cybersecurity mission. Once again, Billington will play host to the Federal Government's most senior cyber and IT managers and experts, some of the most innovative cybersecurity providers in the business, and a broad range of expertise from across the public and private sectors. Like the past Billington events, we expect groundbreaking news and a content rich discussion focused on lessons learned, best practices, and things to consider as you build and enhance your own cybersecurity programs.

Hack Red Con 2022 (Louisville, Kentucky, USA, Sep 7 - 11, 2022) Hack Red Con 2022 is a Cyber Security Conference, Training and Networking 4 day event with an emphasis on Red Teaming, Pen Testing, Social Engineering, and all aspects of Off Sec. The Conference aims to connect Off Sec Professionals, Companies, Educators, Influencers, Investors, Entrepreneurs and Federal, State, Local Government Agencies together. This 4 day event will have 2 intense training days of the latest in Off Sec Education by the industries top hackers and industry experts. The following 2 conference days will include world class key note speakers, industry talks, roundtables, events including Hack the Flag, Jeopardy and Kentucky Bourbon, Lock Hack Challenges, Hack Career Meet & Great, Invest in Cyber, and of course the sickest Swag and Gear Giveaways.

WiCyS Book Club (Virtual, Sep 12, 2022) Join us on September 17 at 12pm CT for the first WiCyS Book Club meeting! The WiCyS Book Club is about creating the space in our hectic lives to connect as a community and bring diverse perspectives into a lively discussion about pre-selected books. This book club meets bi-monthly and will review various cybersecurity and privacy-related books. Meeting Date/Time: September 17 at 12pm CT Book: Cyber Privacy: Who Has Your Data and Why You Should Care by April Falcon Doss About the Book: You shouldn't have to be a privacy expert to understand what happens to your data. In Cyber Privacy, Doss demystifies the digital footprints we leave in our daily lives and reveals how our data is being used - sometimes against us - by the private sector, the government, and even our employers and schools. Attend the meeting for a discussion about the book and how these issues impact our lives! REGISTRATION IS REQUIRED. After registering, you will receive a confirmation email containing information about joining the meeting.

SASE Converge 2022 (Virtual, Sep 13 - 14, 2022) The concept of work has been completely transformed. It is no longer a location, but an activity. This new era of hybrid work means a new generation of never-before-seen threats. Is your network ready? To succeed in this new world, we need to reimagine our infrastructure to support the flexibility demanded by the modern workforce - without compromising security or user experience. ZTNA 2.0 provides you a critical first step in accomplishing a successful SASE deployment and unlocking this next phase of growth for your organization. Join us at SASE Converge 2022 to learn from industry experts about the latest trends and innovations in SASE, so you can lead the transformation of your infrastructure with confidence.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.