Election threats. Lazarus vs. the energy sector. Gamer-based threats. Lessons from the hybrid war.

Summary

By the CyberWire staff

At a glance.

Threats to US elections.
DPRK targets energy companies.
Adapting anti-cheat engines to malign purpose.
Gamer phishbait.
Cyber lessons learned: the view from Ukraine’s Ministry of Digital Transformation.
"Be brave:" perspectives on the hybrid war.
CISA expands the Known Exploited Vulnerabilities Catalog.
ICS security advisories.

Threats to US elections.

The Register reports that Mandiant says that they are “highly confident” that cyberspies from other nations may target US elections this year. "We have tracked activity from groups associated with Russia, China, Iran, North Korea, and other nations targeting organizations and individuals related to elections in the US and/or other nations with apparent goals ranging from information collection and establishing footholds or stealing data for later activity to one known case of a destructive attack against critical election infrastructure," Mandiant said in research. Mandiant also said that they believe with “moderate confidence” that DDoS attacks, ransomware, and other disruptive attacks will impact elections, however, compromising actual voting machines and the like is unlikely.

What’s the future of cybersecurity? Join Trellix at Xpand Live to find out more.

Register for Xpand Live, taking place at the Aria Las Vegas, to hear from Trellix leaders about our vision for the future. During Xpand Live, we will explore our product roadmap as well as our approach to cybersecurity through keynotes, 60+ sessions, demos and more. It will be a week packed with keynotes, product demos, technical trainings and more. Find out more and register today.

Lazarus Group targeting energy companies.

The North Korean Lazarus Group has been found to be targeting US, Canadian, and Japanese energy providers, TechCrunch reports. The Cisco Talos group observed Lazarus using a Log4j vulnerability, known as Log4Shell, to compromise VMware Horizon servers. They then deploy “VSingle” or “YamaBot” malware to maintain long-term access. Talos researchers Jung soo An, Asheer Malhotra and Vitor Ventura said, “The main goal of these attacks was likely to establish long-term access into victim networks to conduct espionage operations in support of North Korean government objectives. This activity aligns with historical Lazarus intrusions targeting critical infrastructure and energy companies to establish long-term access to siphon off proprietary intellectual property.”

Don't miss the opportunity to share your company's commitment to diversity and inclusion.

The CyberWire’s Women in Cybersecurity reception returns next month. Show your support of the premiere networking event that highlights and celebrates the value and successes of women in the cybersecurity industry to leaders from the private sector, academia, and government. Limited sponsorships are available. View our prospectus for available sponsorships and benefits.

Adapting anti-cheat engines to malicious purposes.

Eclypsium warns that attackers are targeting gaming anti-cheat engines to reach below a device’s operating system and disable antivirus programs. Many modern game cheats are developed at the UEFI firmware level in order to avoid detection, and anti-cheat systems are increasingly being granted kernel-level privileges to combat them.

“[T]he anti-cheat engines in some games are more complex and powerful than the protections such as antivirus used to protect more traditional applications,” Eclypsium explains. “This is because games have more rigorous requirements. Any manipulation of game data such as modifying player stats, health, or inventory can fundamentally change the game.... Just in the past few weeks, researchers have uncovered ransomware operators using vulnerable anti-cheat drivers from the popular game, Genshin Impact. In this case, the attackers were able to use the anti-cheat drivers in order to disable antivirus services on a compromised host.”

Games also serve as bait.

Researchers at Kaspersky have found that Minecraft and Roblox are the most popular games used as lures for malware distribution, the Register reports. Kaspersky notes that both of these games are popular with children, who are more susceptible to fall for the attacks.

Cyber lessons learned: the view from Ukraine’s Ministry of Digital Transformation.

The third and final day of the annual Billington Cybersecurity Summit met in Washington, DC, on Friday, September 9th, 2022. The day opened with a long session, partly in person, partly by video, on the lesson learned, so far, during Russia’s hybrid war against Ukraine.

Mykhailo Fedorov, Vice Prime Minister, Minister of Digital Transformation of Ukraine, opened the discussion with a video that gave his perspective on the war. Ukraine, he said, has been fighting for both democracy and its survival as a nation. The war began in cyberspace before Russia’s full-scale invasion, and Fedorov thinks that the first lesson to be learned is about the reality of Russian power: it’s been generally overestimated. “We’ve shown the whole world that Russia is not the powerful state everyone thought it was.” Both Russia’s kinetic power and its cyber capabilities were believed to be greater than the war has revealed them to be. “They’re not the second-best army in the world, and they’re not the best hackers in the world, either.”

Russia’s failure to achieve significant strategic effects in cyberspace can be attributed in significant part, Fedorov believes, to Ukrainian defenses, which succeed in thwarting some 98% of cyberattacks daily. He strongly commended the IT Army of Ukraine, which he characterized as “enthusiastic volunteers eager to defend Ukraine’s borders in cyberspace.” He introduced a video that presented Kyiv’s view of how things are going in cyberspace. Interestingly, that video made the case that the main contribution the IT Army had made was in fighting disinformation and propaganda, and a great deal of that fight has been carried to Russian media.

Not only are Russian channels of disinformation being disrupted, and Russian media hijacked to display protest against the war, but the IT Army has also been engaged in delivering news to Russians that their government would they rather not receive. The IT Army is also collecting evidence of war crimes. “We know the names of all the looters.” And, in general, “Ukraine is showing the whole world that in the 21st Century the truth cannot be suppressed.”

"Be brave:" perspectives on the hybrid war.

The panelists who appeared in person, James Lewis, SVP and Director, Strategic Technology Program, at the Center for Strategic and International Studies (CSIS), Dmitri Alperovitch, Co-Founder and Chairman of the Silverado Policy Accelerator, and Georgii Dubynskyi, Ukraine’s Deputy Minister, Ministry of Digital Transformation, also discussed lessons from Russia's hybrid war, but with the reservation, as Alperovitch pointed out, that it was premature to speak with great confidence of lessons learned. This war is still in its early stages.

Georgii Dubynskyi, Ukraine’s Deputy Minister of Digital Transformation, said that the situation on the ground was “difficult,” but that “we are doing our best to drive Russia from our territory.”

“The Russians have obviously made tremendous blunders,” Alperovitch said. “The Russian intelligence services have not been able to achieve significant successes, after the first days of the war.” He sees one early lesson is that it’s possible to prevent the enemy from achieving strategic effects in cyberspace, and he would go on to add that it was in any case over-sanguine to imagine that it would be easy to achieve such effects.

Ukraine has been preparing for this war, in Dubynski’s view, since Russia invaded Crimea. “The war started in 2014, and we were preparing since then.” Ukraine had seen Russian preparations as early as October of 2021, but had been reluctant to fully credit Western (especially US) intelligence warnings that an invasion was in the offing. “But we saw preparations as early as October and November; the Russians began trying to enroll hackers that early, GRU, SVR, and especially FSB. It was important, too, to make some friends. We didn’t believe [war] would come, but we were a little bit ready.”

It was in the first hours of the war that Russia enjoyed its most significant cyber success, notably in its attack on Viasat. Some of what the Russians did was impactful, notably the attack on Viasat. Russia’s ability to shut down Viasat modems in Eastern Europe temporarily “downed” Ukrainian military communications, but those communications were relatively quickly restored as Western companies provided alternatives.

Alperovitch also noted the importance of information operations. “I was surprised there wasn’t more of an attempt to shut down the Ukrainian Internet,” he said. That Ukraine has been able to tell its story has been “an enormous failure” on the part of the Russians. It’s also been remarkable to watch how Ukraine has been able to continue rapid digital modernization during wartime.

If there were one “secret ingredient” in Ukraine’s ability to defend itself in cyberspace, Dubynskyi would identify it as the IT Army. While often characterized as “hacktivists” (a notoriously “gnarly” crew, as Lewis pointed out) the IT Army was also significantly formed from among IT professionals who wanted to contribute to the war effort. “People just came voluntarily on the street and asked to be given weapons, and people from the IT community also volunteered.” Defense, Dubynskyi said, was not enough: “We need active defense. We need to keep this guy busy… These are professional IT experts. They receive their targets through the Telegram channel, openly.” Those targets were official sites, and particularly propaganda sites. The IT Army filled a gap left by Ukraine’s failure to develop an offensive cyber capability.

Alperovitch thought that the IT Army’s experience showed that it’s possible to “hack back” without unconstrained collateral damage. “We’ve seen you can do very precise operations that don’t harm civilians and innocent people.” The hacktivists probably haven’t achieved any strategic results, “and frankly that’s hard to do,” but they have created a nuisance, and they’ve had an effect on morale, both Russian and Ukrainian.

As far as the decision to go over to the attack in cyberspace, Dubynskyi said, “We had no other choice,” because “a small Soviet army can’t defeat a big Soviet army.” Ukraine had to innovate under the pressure of invasion.

The other key decision Ukraine took was to move its data to the cloud. Cyber attacks came in conjunction, as the war began, with kinetic strikes that destroyed data centers. Just before Russia invaded, Ukraine allowed public data to be moved to public clouds, and so the cruise missiles that hit the official data centers didn’t destroy the data. “Amazon, Microsoft, Google, Oracle, responded to our call quickly. And other governments offered private clouds, notably Poland and the Baltic states. Collaboration with Big Tech has been very important to us.”

Dubynskyi offered some final thoughts. He emphasized the necessity of strengthening digital resilience, of close cooperation with friendly countries, engagement with Big Tech, and getting the media involved in countering disinformation. “Do not allow yourselves to be threatened by Russia. And be brave.”

The CyberWire's continuing coverage of the unfolding crisis in Ukraine may be found here.

CISA flags twelve known exploited vulnerabilities for attention and remediation.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added twelve vulnerabilities to its Known Exploited Vulnerabilities Catalog (KEV). In accordance with Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, Federal civilian executive agencies whose security CISA oversees have until September 29th, 2022, to take action to remediate them. Five of the vulnerabilities are in products that have reached their end-of-life, and whose use should be discontinued. For the other seven, agencies are directed to apply vendor-supplied updates. Michael Assraf CEO & Co-founder of Vicarius notes that a number of this week's entries into the Catalog are hardware issues. “Typically the CVEs we see added to the KEV are located in software, SaaS tools, web browsers, or Windows," he wrote in an email. "It is abnormal to see so many vulnerabilities in hardware, and in particular, routers -- as we do with this batch. Of the dozen vulnerabilities, 50% of them are in routers. D-Link, a networking equipment manufacturer based in Taiwan, has four vulnerabilities alone, all affecting products that are end-of-life. One of them, CVE-2011-4723, involves storing cleartext passwords. CISA only adds vulnerabilities to the KEV catalog if there is clear remediation guidance. In this case, the action is clear: disconnect the product if still in use.”

CISA releases four ICS security Advisories.

Two of the CISA Advisories are for Industrial Control Systems (ICS), one for MZ Automation GmbH libIEC61850 ("mitigations for Buffer Overflow, Access of Resource Using Incompatible Type, NULL Pointer Dereference vulnerabilities"), and one for PTC Kepware KEPServerEX (Update A) ("mitigations for Heap-based Buffer Overflow and Stack-based Buffer Overflow vulnerabilities").

The other two are for Medical Industrial Control Systems: Baxter Sigma Spectrum Infusion Pumps ("mitigations for Missing Encryption of Sensitive Data, Use of Externally Controlled Format String, Missing Authentication for Critical Function vulnerabilities") and Hillrom Medical Device Management (Update B) ("mitigations for Out-of-bounds Write, Out-of-bounds Read vulnerabilities").

Notes.

Today's issue includes events affecting Albania, China, the European Union, India, Iran, the Democratic People's Republic of Korea, NATO/OTAN, the Netherlands, the Philippines, Russia, Ukraine, the United Kingdom, and the United States.

Dateline Moscow, Kyiv, and Washington: Lessons learned from the hybrid war.

Ukraine at D+197: Lessons from the hybrid war. (CyberWire) As Ukraine's counteroffensive makes progress, the Billington Cybersecurity Summit in Washington, DC, hears about the lessons Ukraine has been able draw from its experience with Russia's hybrid war.

Ukraine’s lightning offensive is making ‘fastest gains of war so far’ (The Telegraph) Spearheads have advanced more than 30 miles into Russian-held territory, as the US unveils a further $2.8 billion in military aid

Ukraine penetrates Russian front lines in surprise attack near Kharkiv (The Telegraph) Sources report the settlements of Verbivka and Volokhiv Yar have been retaken and the town of Balakliya is 'operationally surrounded'

As Ukraine pushes southern offensive, it also hits Russia in the northeast (CNN) Ukrainian President Volodymyr Zelensky has hailed "good news" from the northeastern Kharkiv region, after an apparent surprise counter-offensive forced Russian troops onto the back foot and prompted a pro-Kremlin official to call for evacuations.

Putin’s War Drives Refugees From Occupied Kherson (Foreign Policy) Fighting in Ukraine’s south has caused an exodus.

There can be no compromise between Russian genocide and Ukrainian freedom (Atlantic Council) Calls for a negotiated peace settlement in Ukraine fail to recognize that Russia's imperial ambitions and the Kremlin's genocidal objectives render any kind of compromise incompatible with Ukrainian statehood.

Ukrainian hit squads target Russian occupiers and collaborators (Washington Post) For anyone contemplating a top administrative position in the Russian-occupied territories in Ukraine, Kyiv authorities have a message: Be afraid. Very afraid.

Extortion gangs no longer avoid hitting Russian firms (Cybernews) Moscow’s military escapades in Ukraine have affected more than Europe’s geopolitical landscape. Russia’s invasion changed how threat actors conduct their day-to-day business.

This Clever Anti-Censorship Tool Lets Russians Read Blocked News (WIRED) Samizdat Online syndicates banned news sites by hosting them on uncensored domains—allowing people to access independent reporting.

Unpacking Russia's Cyberwarfare Capabilities | CEPA (CEPA) In the unsettling landscape of Russia’s ongoing war in Ukraine, the Kremlin's cyber operations remain one of the most enduring mysteries.

The conflict in Ukraine is likely to cause the decline of malicious Android apps (Taylor Daily Press) Smartphones with outdated Android software remain a security risk September 9, 2022 – of analysis...

Weaponized cybercrime: What organizations can learn from the conflict in Ukraine (Check Point Software) On February 24th, 2022, Russia launched a full-scale military invasion of Ukraine with attacks on land, sea, air. What has been less visible but

The Russia-Ukraine War Exemplifies the Rise of Hybrid Conflicts: Latin America Should Pay Attention (Global Americans) Hybrid tactics will increasingly play a role in the theater of conflict, so Latin American leaders and the region’s public should prepare accordingly.

Vladimir Putin’s total defeat is now within reach (The Telegraph) Liz Truss and her Foreign Secretary will have to work hard to maintain Western unity in coming months

Russia may not survive Putin’s disastrous decision to invade Ukraine (Atlantic Council) The Russian Federation looks set to face growing threats from domestic separatist movements in the coming years as Vladimir Putin's disastrous decision to invade Ukraine serves as a catalyst for imperial collapse.

Ukraine Holds the Future (Foreign Affairs) The war between democracy and nihilism.

Blinken, in Kyiv, pledges to support Ukraine ‘for as long as it takes’ (Washington Post) Secretary of State Antony Blinken pledged lasting U.S. support for Ukraine during a visit to Kyiv on Thursday, as the Biden administration seeks to help Ukraine’s military recapture territory now occupied by Russian invaders.

Ukraine war: US approves $2.6bn in aid for Ukraine and allies (BBC News) Defence Secretary Lloyd Austin announces military support at a meeting with other ministers in Germany.

Most-Accurate US Artillery Shell Is Added to Ukraine’s Arms (Bloomberg) Supplying of Excalibur shells wasn’t previously confirmed. The Pentagon is spending $92 million to replenish its stock.

Why US allies in the Middle East aren’t taking sides in the Ukraine war (Atlantic Council) Staying neutral, or balancing between the two sides, may be the best that Washington can expect.

How Turkey can play a more constructive role in Russia’s war on Ukraine (Atlantic Council) For Ankara to create regional peace and stability, it must boost support to Kyiv rather than pressure it into compromise.

Scholz and Macron Have a Perilous Ambition for Europe (Foreign Policy) The idea of “European strategic autonomy” just won’t go away.

New Apple iPhone will be available in Russia, trade minister says (Reuters) Russians will have the chance to buy the new Apple iPhone 14 despite the U.S. tech company having left the country thanks to Moscow's parallel import scheme, a senior government official told the RIA Novosti news agency on Thursday.

Attacks, Threats, and Vulnerabilities

U.S. blames Iran for 'reckless and irresponsible' cyber attack on Albania (Reuters) The United States has concluded that Iran was responsible for a July 15 cyber attack and subsequent hacking operations against Albania and will hold Tehran responsible for the actions against its NATO ally, the White House said on Wednesday.

NATO-Member Albania Cut Ties With Iran Over Cyber-Attack (Infosecurity Magazine) Tehran denied any link, claiming Tirana’s action was “based on such baseless claims”

Classified NATO documents stolen from Portugal, now sold on darkweb (BleepingComputer) The Armed Forces General Staff agency of Portugal (EMGFA) has suffered a cyberattack that allegedly allowed the theft of classified NATO documents, which are now sold on the dark web.

Portugal government cyber attack allegedly leaks "hundreds" of classified NATO documents (IT PRO) Reports in Portugal have suggested the classified files were lifted by specially designed bots and have now been found for sale online

Microsoft: Iranian hackers encrypt Windows systems using BitLocker (BleepingComputer) Microsoft says an Iranian state-sponsored threat group it tracks as DEV-0270 (aka Nemesis Kitten) has been abusing the BitLocker Windows feature in attacks to encrypt victims' systems.

Mandiant ‘highly confident’ cyberspies will target elections (Register) It is with a heavy heart that we must announce that the hackers are at it again

India's nationwide ID system has a severe cryptography vulnerability (Cybernews) India’s nationwide identification system, also known as Aadhaar, has come under plenty of criticism in the years since it was first announced and introduced.

North Korea's Lazarus hackers are exploiting Log4j flaw to hack US energy companies (TechCrunch) The state-sponsored hacking group used a year-old Log4j vulnerability to compromise U.S., Canadian and Japanese energy company servers.

Lazarus and the tale of three RATs (Cisco Talos) A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

DDoS in Financial Services: What to Know and What to Do (Akamai) Akamai researchers have been monitoring the trends of distributed denial-of-service (DDoS) attacks between Q1 2021 and Q1 2022 and have found a significant uptick toward Layer 7 DDoS attacks despite them being more expensive and more difficult to execute.

Ransomware ravages retail sector, with 75% increase in attacks (SecurityBrief Australia) Globally, 77% of retail organisations surveyed experienced a 75% increase from 2020. This is also 11% more than the cross-sector average attack rate of 66%.

An In-Depth Look at the Emotet Botnet (Avertium) After 10 months of darkness, Emotet came back with a vengeance in 2021. In Q1 2022, Emotet re-emerged using new variants that employed old & new techniques

How Gaming Cheats Are Cashing In Below the Operating System (Eclypsium) Cheating has been around since the beginning of electronic gaming, dating back as far as 1981. Players have always wanted to use shortcuts or aids as an advantage to clear the game faster or gain an advantage over other players. Yet, despite the evolution of “gaming cheats,” the motivation has…

Cybercriminals targeting Minecraft fans with malware (Register) Kaspersky research finds Minecraft and Roblox have the most malicious files associated with them

LockBit gang leads the way for ransomware (SearchSecurity) Low-key operations have helped the LockBit ransomware group stay off law enforcement's radar and outpace its peers, according to Malwarebytes.

200,000 North Face accounts hacked in credential stuffing attack (BleepingComputer) Outdoor apparel brand 'The North Face' was targeted in a large-scale credential stuffing attack that has resulted in the hacking of 194,905 accounts on the thenorthface.com website.

Snap blunder steers Dem and GOP voter data to the opposition (Axios) Political advertisers can target their ads to highly specific user segments on Snap and other platforms.

Researchers warn older D-Link routers are under threat from Mirai malware variant (Cybersecurity Dive) Attackers are leveraging vulnerabilities in the devices to build botnets and launch DDoS attacks, according to Palo Alto Networks research.

US citizenship systems vulnerable to ‘major’ malicious cyberattacks, Homeland Security watchdog finds (Fox News) DHS inspector general said U.S. Citizenship and Immigration Services IT deficiencies could “limit” Homeland Security's capability to “overcome a major cybersecurity incident.”

Suffolk officials: Possible 'cyber intrusion' of county government (Newsday) Some county websites were down Thursday night as officials probed a possible cyberattack, Suffolk Executive Steve Bellone's office said.

CISA Adds Twelve Known Exploited Vulnerabilities to Catalog (CISA) CISA has added twelve new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.

Vulnerability Summary for the Week of August 29, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Security Patches, Mitigations, and Software Updates

Cisco won’t fix authentication bypass zero-day in EoL routers (BleepingComputer) Cisco says that a new authentication bypass flaw affecting multiple small business VPN routers will not be patched because the devices have reached end-of-life (EoL).

MZ Automation libIEC61850 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: MZ Automation GmbH Equipment: libIEC61850 Vulnerabilities: Buffer Overflow, Access of Resource Using Incompatible Type, NULL Pointer Dereference 2.

PTC Kepware KEPServerEX (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Kepware KEPServerEX Vulnerabilities: Heap-based Buffer Overflow, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to crash the device or remotely execute arbitrary code.

Baxter Sigma Spectrum Infusion Pump (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Exploitable remotely Vendor: Baxter Equipment: Sigma and Baxter Spectrum Infusion Pumps Vulnerabilities: Missing Encryption of Sensitive Data, Use of Externally Controlled Format String, Missing Authentication for Critical Function 2.

Hillrom Medical Device Management (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hillrom Equipment: Welch Allyn medical device management tools Vulnerabilities: Out-of-Bounds Write, Out-of-Bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-152-01 Hillrom Medical Device Management that was published June 1, 2021, to the ICS webpage at www.cisa.gov/uscert.

Microsoft Teams is getting a basic but mighty new security feature (TechRadar) Being added to a random group chat is one less thing you’ll have to worry about

Trends

Healthcare Cyberattacks Endanger Patient Lives and Impact Care (Proofpoint) Healthcare organizations have been slow to bring their cybersecurity defenses in line with the growing frequency and severity of attacks they face. The consequences to patient safety and care delivery are so severe that cyberattacks have become the top health technology hazard for 2022. And the increase in mortality rates and other poor outcomes is truly alarming.

New Ponemon Institute Study Finds that Cyberattacks Cause More Than Twenty Percent of Impacted Healthcare Organizations to Experience Increased Mortality Rates (Proofpoint) The average total cost for the most expensive cyberattack experienced was $4.4 million, including $1.1 million in lost productivity

Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care (Proofpoint) Healthcare IT and security professionals have spoken.

Marketplace

Distology lands in Germany with first acquisition (CRN) Distributor acquires Berlin-based software consultancy Squareball as CEO Hayley Roberts says she wants to create a ‘top five’ value-added distributor in Germany within three years

EY, the accounting and consulting firm, will split into two businesses. (New York Times) The firm, commonly known as Ernst & Young, announced a plan to separate into two companies, one that does mainly auditing work and the other consulting and advisory work.

Inlution acquired by Minuteman Security Technologies (Security Systems News) Super regional enterprise security technology provider Minuteman Security Technologies have announced their acquisition of Inlution inc. this week.

Newly merged Cyderes boasts 63-percent growth rate, beating timeline, expectations (Startland News) Merging two cybersecurity powerhouses was a monumental task unto itself, said Robert Herjavec, but the newly formed Cyderes has exceeded expectations and more than overcome the challenges associated with blending the strengths of Herjavec Group and Fishtech Group.

KnowBe4 Recognized With Global Sustainability Leadership Award (KnowBe4) KnowBe4 Recognized With Global Sustainability Leadership Award

NSO Group’s Recent Difficulties Could Shape the Future of the Spyware Industry (Infosecurity Magazine) With a 111% surge in spyware use in the last year, many experts call for global regulations

AvePoint Expands Global Footprint with New Stockholm Office (GlobeNewswire News Room) As digital transformation in the region accelerates, AvePoint scales to meet demand and support Nordic customers...

Truesec Launches in Finland with Top Cybersecurity Experts (GlobeNewswire News Room) Stockholm, Sept. 08, 2022 (GLOBE NEWSWIRE) -- Cybersecurity company Truesec continues to strengthen its European presence. The global demand for...

Kaspersky Unveils Channel Program Changes Amid Ongoing Controversy Over Russian Ties | CRN (CRN) Kaspersky rolls out new channel programs aimed at MSPs

PagerDuty Expands Technical Leadership Team with Appointments of CIO and CISO (Business Wire) PagerDuty, Inc. (NYSE:PD), a leader in digital operations management, today announced the appointments of Sesh Tirumala as Chief Information Officer (

Ilya Feige Joins Cerberus Technology Solutions as Global Head of Artificial Intelligence and Machine Learning (Business WIre) Cerberus Capital Management, L.P. (together with its affiliates, “Cerberus”) today announced that Ilya Feige, Ph.D., has joined as Global Head of Arti

Gallagher Re names head of North American cyber insurance hub (Insurance Business) Broker also taps new cyber reinsurance actuary

Products, Services, and Solutions

SecurityBridge Integrates Its SAP Security Platform With Microsoft Sen (PRWeb) MISA is an ecosystem of independent software vendors and managed security service providers that have integrated their solutions with Microsoft secu

Cowbell Expands API-based quoting to Flagship Cyber Insurance Offering (Cowbell) Access to instant bindable quotes now available on Prime 250

ColorTokens and Zinfinity Partner to Address Key Challenges Organizations Face During Cyberattacks (PR Newswire) ColorTokens Inc., a leading innovator of the autonomous Zero Trust cybersecurity solutions, today announced that it has partnered with...

vxIntel Joins Arctic Wolf to Boost Detection and Threat Intelligence (Arctic Wolf) With the addition of vxIntel, Arctic Wolf's platform gains a quality and quantity of threat intelligence that is unrivaled in the industry.

Booz Allen, CyberSaint to Collaborate on Risk Quantification Platform - ExecutiveBiz (ExecutiveBiz) Looking for the latest Government Contracting News? Check out our story: Booz Allen, CyberSaint to Collaborate on Risk Quantification Platform. Click to read

Avast Partners with Intimacy Expert Shan Boodram on Ways to Safely Store and Share Intimate Photos and Content as a Third of Americans Admitted to Sharing Nudes (PR Newswire) Avast (LSE: AVST), a global leader in digital security and privacy, has partnered with certified sexologist, psychologist, and intimacy expert...

New Onapsis solution empowers greater threat intelligence (SecurityBrief Australia) This advanced solution connects the Onapsis Threat Intelligence Cloud and deep research conducted by the ORL into a detailed threat intelligence repository.

RackTop Systems Partners With Merative to Help Protect Patient Data and Reduce Cyber Risk Across Healthcare (Business Wire) RackTop Systems, a leading provider of cyberstorage solutions which actively defend against ransomware and insider threats, today announced a new part

Truyo and Egnyte Launch A Privacy Management Educational Series for US Businesses (Business Wire) Truyo, the leader in truly automated consent and data privacy rights management, and Egnyte, the secure platform for content collaboration and governa

Keeper Security Launches Upgraded MSP Platform (PR Newswire) Keeper Security, the leading provider of zero-trust, zero-knowledge and FedRAMP Authorized cybersecurity software, today released an upgraded...

Malwarebytes, Bitdefender and Symantec achieve Level 1 Certification in MRG Effitas Q2 360° Antivirus Assessment (Journolink) Independent test lab, MRG Effitas, has released its 360° Q2 Antivirus Efficacy and Asessment report rating nine leading enterprise antivirus products, with Malwarebytes, Bitdefender, and Symantec achi...

Technologies, Techniques, and Standards

NSA releases ‘post-quantum’ guidance for national security system owners, operators and vendors (Federal News Network) NSA released a suite of “post-quantum algorithms” that will eventually be requirements for national security systems, along with a series of deadlines for the transition.

How NSA plans to shield high-impact systems against quantum threats (FCW) The National Security Agency started the clock on a long-planned transition to quantum-resistant algorithms in key national security systems.

How Cyber Leaders Plan to Make Cyber Defense the New Offense (Government CIO) Good cyber defense comes down to consistent communication and information-sharing.

CYBERCOM: 'We can do a lot more' with industry partnerships (Breaking Defense) “Valuable information can be gained by the private sector" David Frederick, executive director of US Cyber Command, said. "And on the flip side, we have a lot of information to offer.”

CISA: Offense, Defense Cyber Teams Must Work Together (Meritalk) The Executive Assistant Director for Cybersecurity for the Cybersecurity and Infrastructure Security Agency (CISA), Eric Goldstein, preached the importance of offensive and defensive cybersecurity teams working together to mitigate attacks in America from adversaries.

2022 Verizon Business Payment Security Report: Preparing to navigate PCI DSS v4.0 (Verizon) The 2022 PSR includes a step-by-step, logical systems approach to managing complex security problems in advance of the PCI DSS v4.0 2024 deadline.

2022 Payment Security Report (Verizon) Learn best practices for simplifying and improving your payment data security. Discover how to navigate the changing requirements introduced by PCI DSS v4.0—with clear goals and innovative models to help you meet compliance and improve your risk profile.

Five Steps to Integrating a Data Repository Vulnerability Assessment Into A WAF–Driven Vulnerability Management Program (Imperva) A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed. There are several types of vulnerability assessments. These include: Host assessment – The assessment of […]

Design and Innovation

SINET 16 Innovator Award Overview (SINET) Each year, SINET evaluates the technologies and products of hundreds of emerging Cybersecurity companies from all over the world, and selects the 16 most innovative and compelling companies. These 16 companies, known as the SINET 16 Innovators, are invited to present their products and solutions on stage in Washington D.C. at our annual SINET Showcase

US military seeks $499m funding for anti-tamper tech (Securing Industry) Contract seeks ways to deter, prevent, detect, and respond to reverse engineering and countermeasure development.

Tanium BrandVoice: The Connected Car Is The Next Attack Vector (Forbes) Automotive hacks represent a looming threat for corporate fleets and consumer privacy.

Academia

Microsoft builds fast-track to six-figure cybersecurity jobs at more than 180 colleges (Fortune) How is the Big Tech company striving to close the cybersecurity skill gap?

Emilio Valente named CISO at UC Santa Barbara (Security Magazine) Cybersecurity executive Emilio Valente has been named Chief Information Security Officer (CISO) at the University of California Santa Barbara.

Legislation, Policy, and Regulation

NCSC CEO appears at major US cyber security summit (NCSC) Lindy Cameron discussed cyber security at the 13th Billington Cyber Security Summit in Washington.

Dutch cyber security organisations to join forces (ComputerWeekly.com) Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into.

Global Sanctions Dashboard: Sanctioning soars across the board (Atlantic Council) In this edition of the Global Sanctions Dashboard, we look at the recently expanded sanctions against Iran just as negotiations over a potential US return to the Iran nuclear deal reach their endgame.

Cyberspace Solarium Commission has Made ‘Real Impact,’ Work is Not Done Yet (Meritalk) The Cyberspace Solarium Commission (CSC) has made a “real impact” on the nation’s cybersecurity posture, Sen. Angus King, I-Maine, said today, and its work is not over yet.

Intelligence Bill Would Change Policies on Clearances, Other Personnel Issues (FEDweek) An intelligence community authorization bill (S-4503) now pending a vote in the full Senate contains a number of provisions affecting personnel policies

Treasury will warn White House that crypto needs major regulations (Washington Post) A new assessment from the Biden administration is expected to find that cryptocurrencies pose threats to investors

US Treasury to Recommend Issuing Digital Dollar if in National Interest: Source (CoinDesk) The Treasury Department, in what may be its most important recommendation spurred by President Joe Biden’s executive order on crypto, will suggest how to move forward on a CBDC.

SEC’s Gensler Signals Support for Commodities Regulator Having Bitcoin Oversight (Wall Street Journal) SEC chief Gary Gensler says he looks forward to working with Congress to give the Commodity Futures Trading Commission added power to oversee and regulate crypto nonsecurity tokens and related intermediaries.

White House report proposes possible restrictions on proof-of-work crypto mining (The Block) A new report from U.S. president Joe Biden's White House encouraged a broad policy push to reduce greenhouse gas emissions and encourage the use of clean energy by American crypto mining companies.

White House unveils principles for Big Tech reform (Reuters) The White House on Thursday outlined six principles to reform Big Tech platforms and said it was encouraged to see bipartisan interest in Congress to rein in major U.S. tech companies

The White House is praising the privacy push Pelosi is holding up (Protocol) President Biden's administration also pushed for an end to "special legal protections for large tech platforms."

California Legislature Declines to Extend the CCPA’s HR and B2B Exemptions (cyber/data/privacy insights) Last week, the California Legislature adjourned its 2022 legislative session without passing proposed legislation (AB 2871, AB 2891, SB 1454, AB 1102) that would have extended or made permanent the human resources (HR) and business-to-business (B2B) exemptions under the California Consumer Privacy A

The latest privacy legal environment is getting interesting (Avast) Make sure you know the differences among the various states’ privacy laws, when they go into effect, and whether or not they apply to your particular business.

Litigation, Investigation, and Law Enforcement

Philippine senate probes large-scale phishing scams (Reuters) The Philippine senate launched an investigation on Thursday to identify culprits behind large-scale phishing scams where millions of text messages have been sent to mobile users to try and steal passwords for fraudulent transactions.

Ethereum operators just sued to make Tornado Cash legal (Fortune) Prominent Ethereum figures like Preston Van Loon joined with Coinbase employees to challenge Treasury's decision to sanction Tornado Cash.

US Government Recovers $30M From Crypto Game Axie Infinity Hack (CoinDesk) Hackers stole over $600 million from Axie earlier this year.

Data Disputes: How UK Class Action Landscape Is Shaping Up (cyber/data/privacy insights) The number of class actions brought in the UK is likely to grow considerably in the coming years. In particular, we expect claimant firms to continue making claims for misuse use of data where an issue affects a large number of individuals. This post: Introduces group and represen

Judge Slams Musk for Not Handing Over Texts in Twitter Fight (Bloomberg) Billionaire criticized for withholding text messages over deal. Twitter asked for sanctions against Musk, lawyers over texts.

SolarWinds Board Beats Investor Lawsuit Over Russian Cyberattack (Bloomberg Law) SolarWinds Corp.'s senior leaders dodged investor litigation in Delaware over a major cyberattack by Russian hackers in 2020—called “Sunburst"— that compromised the systems of Fortune 500 companies and US government agencies using the company’s Orion software platform.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

13th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 7 - 9, 2022) The world's leading government summit on cybersecurity will continue its unique educational mission of convening the who's who in cybersecurity: the senior leadership from the U.S. government, our allied partners, and their industry and academic partners. Given the fast moving strategic direction that the Biden Administration has generated over the past year, this event will take a holistic view of the cybersecurity business with a hearty dose of topics covering Zero Trust, proactive cyber defense measures, partnership building, offensive cyber, and a continued look at what the future will bring to the cybersecurity mission. Once again, Billington will play host to the Federal Government's most senior cyber and IT managers and experts, some of the most innovative cybersecurity providers in the business, and a broad range of expertise from across the public and private sectors. Like the past Billington events, we expect groundbreaking news and a content rich discussion focused on lessons learned, best practices, and things to consider as you build and enhance your own cybersecurity programs.

Hack Red Con 2022 (Louisville, Kentucky, USA, Sep 7 - 11, 2022) Hack Red Con 2022 is a Cyber Security Conference, Training and Networking 4 day event with an emphasis on Red Teaming, Pen Testing, Social Engineering, and all aspects of Off Sec. The Conference aims to connect Off Sec Professionals, Companies, Educators, Influencers, Investors, Entrepreneurs and Federal, State, Local Government Agencies together. This 4 day event will have 2 intense training days of the latest in Off Sec Education by the industries top hackers and industry experts. The following 2 conference days will include world class key note speakers, industry talks, roundtables, events including Hack the Flag, Jeopardy and Kentucky Bourbon, Lock Hack Challenges, Hack Career Meet & Great, Invest in Cyber, and of course the sickest Swag and Gear Giveaways.

WiCyS Book Club (Virtual, Sep 12, 2022) Join us on September 17 at 12pm CT for the first WiCyS Book Club meeting! The WiCyS Book Club is about creating the space in our hectic lives to connect as a community and bring diverse perspectives into a lively discussion about pre-selected books. This book club meets bi-monthly and will review various cybersecurity and privacy-related books. Meeting Date/Time: September 17 at 12pm CT Book: Cyber Privacy: Who Has Your Data and Why You Should Care by April Falcon Doss About the Book: You shouldn't have to be a privacy expert to understand what happens to your data. In Cyber Privacy, Doss demystifies the digital footprints we leave in our daily lives and reveals how our data is being used - sometimes against us - by the private sector, the government, and even our employers and schools. Attend the meeting for a discussion about the book and how these issues impact our lives! REGISTRATION IS REQUIRED. After registering, you will receive a confirmation email containing information about joining the meeting.

SASE Converge 2022 (Virtual, Sep 13 - 14, 2022) The concept of work has been completely transformed. It is no longer a location, but an activity. This new era of hybrid work means a new generation of never-before-seen threats. Is your network ready? To succeed in this new world, we need to reimagine our infrastructure to support the flexibility demanded by the modern workforce - without compromising security or user experience. ZTNA 2.0 provides you a critical first step in accomplishing a successful SASE deployment and unlocking this next phase of growth for your organization. Join us at SASE Converge 2022 to learn from industry experts about the latest trends and innovations in SASE, so you can lead the transformation of your infrastructure with confidence.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.