Dateline
Ukraine at D+201: Ukraine's counteroffensive, and Russian attempts to make sense of it. (CyberWire) Ukraine's counteroffensive has largely succeeded in ejecting Russian forces from the Kharkiv oblast, with accounts of the fighting reporting large-scale Russian flight and surrender. Russian official channels of opinion show signs of an attempt to come to grips with combat failure. A retrospective on Russia's hybrid war, six months in.
Russia-Ukraine war latest: what we know on day 202 of the invasion (the Guardian) Ukrainian forces have recaptured 6,000 sq km in south and east, Zelenskiy says; Kyiv says Russia has stopped sending new troops into Ukraine
Russia-Ukraine war: List of key events, day 202 (Al Jazeera) As the Russia-Ukraine war enters its 202nd day, we take a look at the main developments.
Russia-Ukraine war: Russian intelligence officers and military commanders flee Crimea, Kyiv claims – live (the Guardian) Russian intelligence officers and military commanders in south ‘urgently resettling families’, Ukraine claims
Ukraine Routs Russian Forces in Northeast, Forcing a Retreat (New York Times) Russia acknowledged that it had lost nearly all of the northern region of Kharkiv after a blitzkrieg thrust by Ukrainian fighters.
Ukraine piles pressure on retreating Russian troops (AP NEWS) Ukrainian troops piled pressure on retreating Russian forces on Tuesday, pressing a counteroffensive that has produced major gains and a stunning blow to Moscow's military prestige.
Some Russian Forces Appear to Be Fleeing Ukraine, Pentagon Says (Defense One) An inability to avoid certain strategic errors has eroded Russia’s hold on eastern Ukraine, officials said.
Ukraine’s Lightning Counteroffensive Approaches the Russian Border (Foreign Policy) Ukrainian officials say the dramatic changes on the battlefield are a sign they can win the war.
Ukraine reclaims more territory, reports capturing many POWs (AP NEWS) Ukrainian troops expanded their territorial gains Monday, pushing all the way to the country's northeastern border in places, and claimed to have captured a record number of Russian soldiers as part of the lightning advance that forced Moscow to make a hasty retreat.
Ukraine continues Kharkiv offensive despite apparent Russian retaliation (the Guardian) Kyiv’s troops have reportedly retaken towns up to the Russian border, including strategic Izium
Ukraine war latest: Prestigious Russian tank army tasked with defending Moscow 'severely degraded' (The Telegraph) The Russian armed force’s most prestigious and leading tank formation, designed to defend Moscow, has been “severely degraded”, according to British intelligence.
Russian marines brigade almost completely wiped out in Ukraine, Kyiv says (Newsweek) The Ukrainian military has destroyed almost 85 percent of Russia's 810 marine infantry brigade, Kyiv said.
Ukrainian Counter-offensive Progresses With The Liberation Of Balakliya (AFP via Barron's) The town of Balakliya, in northeastern Ukraine, was retaken from the Russians this week. The locality and its surroundings have been transformed into a battlefield and bear the traces of heavy fighting.
Ukraine’s Sudden Gains Prompt New Questions for Commanders (New York Times) Ukraine’s military is gauging how far its forces can press the attack, at risk of their ability to hold the new lines. Russian leaders are trying to regroup after a dramatic, demoralizing rout.
Western officials ‘surprised’ by Ukraine’s rapid gains in northern counteroffensive (POLITICO) Kyiv notified top U.S. generals in advance of the plan to launch the two-front attack simultaneously.
US leaders avoid victory dance in Ukraine combat advances (AP NEWS) U.S. leaders from President Joe Biden on down are being careful not to declare a premature victory after a Ukrainian offensive forced Russian troops into a messy retreat in the north.
Intelligence points to potential turning point in Ukraine war (Washington Post) Whether Ukraine’s gains are permanent, Western intelligence officials said, depends on Russia’s next moves, especially whether President Vladimir Putin orders up reinforcements
The Critical Moment Behind Ukraine’s Rapid Advance (New York Times) President Volodymyr Zelensky wanted to make a dramatic move in the war against Russia. U.S. and Ukrainian officials came up with a plan.
Opinion The 4 factors that explain Ukraine’s extraordinary military success (Washington Post) Last week, I wrote that Ukrainian forces had the initiative and Vladimir Putin was losing his “war of choice.” Little did I know how true that was. When I wrote that column, attention was focused on Ukraine’s offensive in the south toward Kherson. That attack is making only incremental gains, but in the past week, Ukraine has launched a surprise offensive in Kharkiv province that has achieved lightning progress in the northeast.
Himars rockets set the stage for Russian rout in Ukraine war’s ‘third phase’ (The Telegraph) Vladimir Putin insists ‘special military operation’ will continue despite the catastrophic collapse of Kremlin troops around Kharkiv
Ukraine Counter-offensive 'Third Phase' In War: Defence Minister (AFP via Barron's) Ukraine's war against Russian has entered a new phase made possible by the supply of Western weapons, the country's defence minister said in an interview published Monday.
Ukraine Pulled Off a Masterstroke (The Atlantic) Ukrainian leaders announced one counteroffensive against Russia—but had another in the works.
Putin sacks top general in the Donbas after defeats at hands of Ukraine's armed forces (The Telegraph) Vladimir Putin has fired the general leading Russia’s forces in the Donbas after Ukrainian troops recaptured swathes of territory in a recent offensive in the east.
Ukrainian forces reach Russian border as offensive sweeps through Kharkiv (The Telegraph) Kyiv’s troops on Monday reached parts of the north-eastern border that had been occupied since the first day of the war in February
Russian force sees "mass desertion" amid Putin's recruitment push: Report (Newsweek) This "mass desertion" is occurring among a group of Russian troops in a Russian-backed region of Moldova, according to Ukrainian military intelligence.
A Ukraine push towards Crimea could be the hammer blow that knocks out Vladimir Putin (The Telegraph) The occupied peninsula on the Black Sea is Russia’s 'centre of gravity' in this war, without which their whole force crumbles
Watch: Ukrainians greet liberating soldiers with hugs, kisses and watermelons (The Telegraph) Touching footage shows civilians crying tears of joy after towns and villages were liberated in a lightning push through Russian lines
In Ukraine and Iran, the IAEA’s Grossi Is Handling Tough Crises Well (World Politics Review) The UN’s nuclear agency, the IAEA, is now handling two global political crises: a nuclear power plant in Ukraine and Iran’s nuclear program.
AcidRain Malware and Viasat Network Downtime in Ukraine: Assessing the Cyber War Threat (Just Security) There are many plausible explanations for Russia’s limited cyber operations in Ukraine to date.
Is Russia Restarting Damaging Cyberattacks? (Slate Magazine) Montenegro is blaming Russia for a damaging new attack.
Ukraine Cyber War Update September 2022 (CyberCube) In the six months following Russia’s invasion of Ukraine on February 24, 2022, cyber warfare has been an important tool for assisting physical activity on the ground.
Satya Nadella reveals how cybersecurity defended Ukraine from Russian attacks (Moneycontrol) Satya Nadella said that Microsoft was able to work with the Ukrainian government to "evacuate" critical information into their cloud and protect them.
Ukraine, rushing into 'digital transformation,' prepares for more Russian cyber attacks: Officials (Breaking Defense) “This is the world’s first cyber war and Ukraine is successfully dealing with it,” said Mykhailo Fedorov, Ukraine’s deputy prime minister and minister for digital transformation. “We’ve shown the whole world that Russia is not such a powerful state as everyone thought.”
Opinion | The Ukraine War’s Decisive Season (New York Times) We will soon see if European resolve holds up.
It’s Time to Prepare for a Ukrainian Victory (The Atlantic) The liberation of Russian-occupied territory might bring down Vladimir Putin.
Ukraine’s Sudden Success Could Bolster Europe’s Support — and Morale (New York Times) “It’s not for nothing.” Ukraine’s backers say that an offensive over the weekend shows Western military aid is helping, and that it’s time to supply more sophisticated weaponry.
Ukraine’s Army Is Winning But Its Economy Is Losing (Bloomberg) The US has been generous with military and financial aid, the Europeans less so. But both must step up the effort to keep Kyiv fighting.
Russian state TV utters the unspeakable: ‘Ukraine cannot be defeated’ (The Telegraph) Western-leaning politician allowed to voice rare criticism in what may be ploy to prepare the Russian people for possibility of peace talks
Why Ukraine’s successful offensive is such bad news for Vladimir Putin (The Hill) Ukraine’s battleground offensive that has seen it gain thousands of miles of territory once lost to Moscow spells bad news for Russian President Vladimir Putin at home and abroad. The Ukraini…
As Russian Losses Mount in Ukraine, So Does Criticism Back Home (New York Times) Ukraine’s recent battlefield successes are emboldening Vladimir Putin’s critics and sending his supporters in search of someone else to blame.
Putin Has a New Opposition—and It’s Furious at Defeat in Ukraine (Foreign Policy) Right-wing nationalists are spreading a dangerous “stab-in-the-back” myth to explain Russia’s crushing defeats.
Attacks, Threats, and Vulnerabilities
New Wave of Espionage Activity Targets Asian Governments (Broadcom Software Blogs) Governments and state-owned organizations are the latest targets of a well-established threat actor.
Chinese gov’t hackers using ‘diverse’ toolset to target Asian prime ministers, telecoms (The Record by Recorded Future) Alleged Chinese military hackers are leveraging a wide range of legitimate software packages in order to load malware payloads and target government leaders across Asia.
Look What You Made Me Do: TA453 Uses Multi-Persona Impersonation to Capitalize on FOMO (Proofpoint) In mid-2022, TA453 deployed a social engineering impersonation technique informally called Multi-Persona Impersonation in which the threat actor uses at least two actor-controlled personas on a single email thread to convince targets of the legitimacy of the campaign.
Iranian military using spoofed personas to target nuclear security researchers (The Record by Recorded Future) Hackers connected to Iran’s military are allegedly using multiple personas on phishing emails to target organizations and people with information on nuclear arms control and more.
Alleged cyber commander of Iran’s Revolutionary Guard named by opposition outlet (Times of Israel) Report identifies senior Iranian figures said to be involved in several cyberattacks over past year, days after Albania cut ties with Tehran following major hack
Lorenz ransomware breaches corporate network via phone systems (BleepingComputer) The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises using their phone systems for initial access to their corporate networks.
Kaspersky uncovers details about active cyber-espionage campaign (SecurityBrief Asia) Nearly 10 years since experts unmasked an active cyber-espionage campaign, the state-sponsored group continues to show prolific updating of tactics.
China Accuses NSA's TAO Unit of Hacking its Military Research University (The Hacker News) China has accused the elite hacking unit of the U.S. National Security Agency (NSA) of hacking Northwestern Polytechnical University.
Unpatched and Outdated Medical Devices Provide Cyber Attack Opportunities (FBI) The FBI has identified an increasing number of vulnerabilities posed by unpatched medical devices that run on outdated software and devices that lack adequate security features.
FBI warns of vulnerabilities in medical devices following several CISA alerts (The Record by Recorded Future) The FBI on Monday warned that hundreds of vulnerabilities in widely used medical devices are leaving a door open for cyberattacks.
Rapid7 issues vulnerability advisory for two Baxter devices (SecurityBrief Asia) Rapid7 has issued a vulnerability advisory for two Baxter Healthcare TCP/IP-enabled medical devices: SIGMA Spectrum Infusion Pump and SIGMA WiFi Battery.
Leveraging Facebook Ads to Send Credential Harvesting Links (Avanan) Hackers are using Facebook Ad manager to create forms that steal credentials.
Chiseling In: Lorenz Ransomware Group Cracks MiVoice And Calls Back For Free (Arctic Wolf) Learn about Arctic Wolf Lab’s recent investigation into a Lorenz ransomware intrusion which leveraged a Mitel MiVoice VOIP appliance vulnerability for initial access and Microsoft’s BitLocker Drive Encryption for data encryption.
Campaign cybersecurity might be the weakest link in the midterms (Washington Post) Political campaigns are short-changed when it comes to election cyber security
Cisco Data Breach Attributed to Lapsus$ Ransomware Group (Dark Reading) Analysis shows attackers breached employee credentials with voice phishing and were preparing a ransomware attack against Cisco Systems.
Cisco Talos shares insights related to recent cyber attack on Cisco (Cisco Talos) On September 11, 2022, the bad actors who previously published a list of file names from this security incident to the dark web, posted the actual contents of the same files to the same location on the dark web. The content of these files match what we already identified and disclosed.
Cisco Announces Yanluowang Hackers Steal Thousands of Files From its System (Tech Times) The Yanluowang leader admitted the ransomware attack on Cisco.
Azure Active Directory Pass-Through Authentication Flaws (Secureworks) In May 2022, Secureworks® Counter Threat Unit™ (CTU) researchers analyzed how the protocols used by Pass-Through Authentication could be exploited.
U-Haul discloses data breach exposing customer driver licenses (BleepingComputer) Moving and storage giant U-Haul International (U-Haul) disclosed a data breach after a customer contract search tool was hacked to access customers' names and driver's license information.
New attack can unlock and start a Tesla Model Y in seconds, say researchers (The Verge) And it won’t be easy to fix.
The La School District Cyber Attack Keeps Unravelling – Expert Comments (Information Security Buzz) Jeremy Kirk, the editor over at ISMG reported on Twitter last night that the Vice society was claiming responsibility for the LA School District cyberattack. The Vice Society is a “double extortion” ransomware group, meaning they encrypt the data and also threaten to publish it.
Cyber Attack on IHG Impacted Hotel Booking System and Mobile Apps; Exposes Unknown Quantity of Data, Causes Extended System Outage (CPO Magazine) IHG Hotels & Resorts, the hotel group that owns the Holiday Inn and Intercontinental brands among numerous others, suffered a cyber attack on the first weekend of September that impacted its central hotel booking system and mobile apps. The hotel group continues to assess the nature extent and impact of the breach, but it caused a service outage that lasted for several days and prevented loyalty program members from logging in and creating new bookings.
Officials: Some issues remain after Suffolk County cyberattack but 'no compromise to public safety' (News 12 - Long Island) Suffolk County officials are still having a hard time sending out emails four days after a cyberattack caused some county communication systems to go down.
Vulnerability Summary for the Week of September 5, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Apple security updates (Apple Support) This document lists security updates for Apple software.
Apple fixes eighth zero-day used to hack iPhones and Macs this year (BleepingComputer) Apple has released security updates to address the eighth zero-day vulnerability used in attacks against iPhones and Macs since the start of the year.
Apple patches zero-day holes – even in the brand new iOS 16 (Naked Security) Five updates, one upgrade, plus two zero-days. Patch your Macs, iPhones and iPads as soon as you can (again)…
Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw (The Hacker News) Apple has released another round of security updates to fix several new vulnerabilities in iOS and macOS, including a new zero-day vulnerability.
Security pros can now manually add incidents to Sentinel (Register) *Tappity tappity* Yes the NSA's on the phone. Well maybe the automated log check didn't pick it up yet, Chad!
Trends
CFO Cyber Security Survey: Over-Confidence is Costly (Kroll) Our global CFO cyber security survey found that Chief Financial Officers are underinformed & over-confident on cyber risk, ignoring costly threats. Read more here.
Orca Security Report Finds Cloud Security Gaps Expose Business Critical Assets in Just Three Hops (Orca Security) Study reveals that known vulnerabilities, unsecured storage assets and failure to follow best practices is leading to an average cloud attack path of only three steps to reach an organization’s crown jewels
2022 State of Public Cloud Security Report (Orca Security) The 2022 State of the Public Cloud Security Report is a study compiled by the Orca Research Pod, who analyzed workload, configuration, and identity data captured from billions of cloud assets on AWS, Azure and Google Cloud scanned by the Orca Cloud Security Platform.
Snyk’s State of Cloud Security Report Reveals 80% of Organizations Have Experienced a Severe Cloud Security Incident in Past Year (Snyk) Research Also Underscores Risk Is Growing, While Increased Cloud Security Investment Leads to Faster Application Deployment
State of Cloud Security Report (Snyk) An assessment of the complex cloud security risks and challenges that organizations face in 2022.
2022H1 Ransomware Trends | Prepare for new extortion techniques (Forescout) 2022 Ransomware Trends | Cybercriminals and state-sponsored actors are deploying ransomware to target an increased attack surface - how to bolster your defense
52% of U.S. Healthcare Insurance Providers At Risk of Email Impersonation During Open Enrollment (Tessian) Top U.S. healthcare insurance providers at risk of having their domain spoofed in advanced phishing and email impersonation attacks.
Marketplace
Opus Security Emerges from Stealth with $10M in Funding to Revolutionize Cloud SecOps and Remediation Processes (Business Wire) Opus Security, a Cloud Security Orchestration and Remediation startup, today announced $10 million in seed funding led by YL Ventures with participati
Volaris Group Acquires Hitachi ID Systems, Inc. (Business Wire) Volaris Group (“Volaris”) today announced it has acquired Hitachi ID Systems, Inc. which it has renamed as Bravura Security. Bravura Security will con
Google closes $5.4B Mandiant acquisition (TechCrunch) Cybersecurity firm Mandiant will operate under the auspices of Google Cloud, though the Mandiant brand will live on.
Theom Raises 16 Million (Theom) Theom is the data bodyguard to prevent breaches in the cloud
XDR Alliance Welcomes New MSSP and MDR Members Committed to Open XDR Framework in Cybersecurity (GlobeNewswire News Room) Cybersecurity leaders Banyax, Deloitte, and ReliaQuest latest members to join XDR Alliance to augment API integration expertise...
Votiro Unveils Significant Company Growth and Extends Support to New Industries and File Types (Business Wire) Votiro announces product enhancements through version 9.7 along with significant revenue and company growth.
Former Deputy Chief of the Criminal Division, Southern District of New York Kristy Greenberg joins Hogan Lovells' New York office as partner (Hogan Lovells) New York, 12 September 2022 – Global law firm Hogan Lovells announced today that Kristy Greenberg has joined the firm as a litigation and investigations partner in New York. Greenberg joins the firm from the U.S. Attorney’s Office for the Southern District of New York (SDNY), where she served for more than a decade—most recently as the Deputy Chief of the Criminal Division.
Lumen Announces CEO Transition (PR Newswire) Lumen Technologies (NYSE: LUMN) today announced Kate Johnson has been appointed President, Chief Executive Officer and a member of the...
Netacea | Andy Lole joins Netacea as CTO (RealWire) Netacea, the bot detection and mitigation specialist, today announces the appointment of Andy Lole as Chief Technology Officer. Andy brings over 20...
FTI Consulting (NYSE:FCN) – Former Director of FBI National Cyber Investigative Joint Task Force Joins FTI Consulting (Benzinga) FTI Consulting, Inc. (NYSE:FCN) today announced continued investment in the firm's Cybersecurity practice with the appointment of Brian Boetig as a Senior Managing
Cybrary's Chloe Messdaghi: Advocating for the community from within (SC Media) Said Cybrary's chief impact officer: “It’s time to support one another by providing career support and access for all marginalized genders to obtain any position and title while working in cybersecurity and tech.”
Sift Welcomes Mary Writz as New Senior Vice President of Product (GlobeNewswire News Room) Sift, the leader in Digital Trust & Safety, announced today that Mary Writz has joined the...
Mimecast Appoints Cybersecurity Veteran Rafe Brown as President and Chief Operating Officer (Mimecast) This press release details the appointment of Rafe Brown as Mimecast's President and COO
Obsidian Security Names Reena Choudhry as Chief Revenue Officer (Obsidian Security) Veteran enterprise sales leader to scale sales organization to meet fast-growing demand for company’s SaaS Security Platform
Products, Services, and Solutions
Introducing Bishop Fox Security Tool: CloudFox (Bishop Fox) Introducing CloudFox, a command line security tool created to help offensive security professionals find exploitable attack paths in cloud infrastructure.
ConnectWise Announces New Version of Modes Theory with Individualized Roadmap for MSP Partners to Align Business Objectives, Achieve Goals (GlobeNewswire News Room) New free business model program includes workshops, webinars, purpose-built trainings and more...
OPSWAT Launches Neuralyzer, A New AI-Powered Product for Industrial Asset and OT Network Visibility to Enhance Critical Infrastructure Protection - OPSWAT (OPSWAT) OPSWAT , a leading provider of critical infrastructure protection (CIP) cybersecurity solutions, announced today the launch of OPSWAT Neuralyzer, a new neural network cybersecurity product that enables OT personnel to protect their critical environments and supply chain through asset discovery, inventory management, network visibility, and vulnerability and risk management.
Cyren Launches Hybrid Analyzer for Unmatched Speed and Scale of Malware Analysis (Cyren) Faster than existing solutions, Cyren Hybrid Analyzer improves detection of zero-hour malware without compromising performance or privacy
Egnyte Brings Secure File Sharing to Managed Service Providers of All (PRWeb) Egnyte, the secure platform for content collaboration and governance, today announced several new additions to its packages for managed service providers (MS
Netskope Continues to Strengthen Converged SASE Platform with Advanced Cloud Firewall Capabilities (PR Newswire) Netskope, a leader in secure access service edge (SASE), today announced key enhancements to Netskope Cloud Firewall, the firewall-as-a-service...
AppViewX Joins F5's Technology Alliance Program to Accelerate and Secure Multi-Cloud Application Delivery (PR Newswire) AppViewX, the leader in automated machine identity management (MIM) and application infrastructure security, today announced that the company...
Barracuda bolsters its Zero Trust Access solution with integrated web security functionality (Barracuda Networks) Latest release of Barracuda CloudGen Access protects users from malicious web content, strengthens integration with identity providers
Barracuda adds Zero Trust Access to its Email Protection to enhance security Posted date: 2022-09-13 3:00 AM (Barracuda Networks) New capabilities provide comprehensive Microsoft 365 security with Zero Trust Access
Barracuda expands XDR capabilities to strengthen its security offering to Managed Service Providers (Barracuda Networks) Enhanced detection and response service offering further empowers MSP partners via new integration, addition of SOAR, and more
Barracuda accelerates growth in its Data Protection business (Barracuda Networks) Barracuda Cloud-to-Cloud Backup provides protection against evolving cyberthreats like ransomware, and is now transactable in Azure Marketplace
Axis Named Best Security Innovation in a SaaS Product by SaaS Awards for Its Unique Approach to Security Service Edge | Axis Security (Axis Security) Axis announced today that its Atmos Security Service Edge platform has been named Most Innovative SaaS Security Solution in the 2022 SaaS Awards program. Now in its seventh year of celebrating software innovation, the Software as a Service Awards program accepts entries worldwide, including the US, Canada, Australasia,...
Adaptive Shield and Tenable Partner to Enhance SaaS Security Posture (Business Wire) Adaptive Shield, the leading SaaS Security Posture Management (SSPM) company, today announced a partnership with Tenable, the Cyber Exposure Managemen
MSP360 Partners with Deep Instinct to Fully Integrate the World's First Deep Learning Cybersecurity Framework Solution (PR Newswire) MSP360, a provider of simple and reliable backup and IT management solutions for managed services providers (MSPs) and IT departments...
Blumira Launches Detection Filters, Enabling Organizations to Easily Customize Detection Rules (PR Newswire) Blumira, a leading cybersecurity provider of automated threat detection and response technology, today announced the launch of Detection...
ThreatModeler Announces Version 6.0, Bringing New Features and Significant Enhancements to Its Comprehensive Threat Modeling Platform | News Direct (News Direct) New features to substantially simplify user experience, increase development pace and further enable DevOps and security teams to shift security left in the CDLC
Jumio Platform Attains SOC2 Type 2 Certification - Jumio: End-to-End ID, Identity Verification and AML Solutions (Jumio) Jumio, the leading provider of orchestrated end-to-end identity proofing, eKYC and AML solutions, today announced that it has successfully achieved SOC2 Type 2 certification for its Jumio KYX platform, with zero exceptions listed in the examination conducted by Moss Adams.
Technologies, Techniques, and Standards
EMA Study Is Good News for Risk Management Initiatives (Cerberus Sentinel) Cerberus EMA Study Is Good News for Risk Management Initiatives. Key takeaway: Businesses are increasingly required to spend on compliance...
New Industry Compliance Report Sees Progress with Growing Importance of Compliance Initiatives (TalaTek, LLC) Leading analyst firm Enterprise Management Associates (EMA) conducted a research study “Using Compliance Budget to Advance Security Priorities” to learn about the intersection of compliance and cybersecurity and found 76 percent of respondents indicated that compliance has completely or significantly shifted their security strategy and spending.
The EU Cybersecurity Certification Scheme (Global Platform) Mapping misalignment with industry security levels and understanding the impact
DoD issues deviation after continued UEI transition delays | Federal News Network (Federal News Network) The Defense Pricing and Contracting office issued a deviation to the FAR giving contracting officers the ability to continue to award contracts even if companies are not fully registered in SAM.gov.
Research and Development
AWS, Harvard collaborate to advance quantum networking (Network World) The AWS Center for Quantum Networking (CQN) and Harvard’s Quantum Initiative (HQI) group will team to cultivate projects to develop quantum memories, integrated photonics, and quantum applications that could help underpin future quantum networks and a quantum internet.
Legislation, Policy, and Regulation
The West is strangling Israel's cyber forces for fighting enemies - Shaked (Jerusalem Post) The West is over-regulating Israel's cyber offensive sector and causing Israel to do the same, said Interior Minister Ayelet Shaked.
Exclusive: Biden to hit China with broader curbs on U.S. chip and tool exports (Reuters) The Biden administration plans next month to broaden curbs on U.S shipments to China of semiconductors used for artificial intelligence and chipmaking tools, several people familiar with the matter said.
US may relax some restrictions on Huawei as it aims to retain its global tech lead (GizmoChina) Just a couple of years ago, Huawei had been one of the biggest smartphone makers and was even set to topple both Apple and Samsung for the throne. However, it soon got hit with sanctions from the US, which essentially crippled its smartphone operations as a whole. But now, it appears that there might soon be some changes that help improve its situation.
California Legislature Passes Children’s Privacy Bills (cyber/data/privacy insights) California’s legislature adjourned for the year on August 31, 2022, after passing two notable children’s privacy bills: the California Age-Appropriate Design Code Act and the Student Test Taker Privacy Protection Act, both of which now await the governor’s signature.
California Age-Appropriat
Litigation, Investigation, and Law Enforcement
U.S. Broadens International Efforts to Pursue Hackers (Wall Street Journal) The U.S. is helping other countries fight cybercrime with measures that include joint law-enforcement operations and examining how cybersecurity rules can be more closely aligned.
Twitter whistleblower to tell Congress of company’s alleged corporate failings (the Guardian) Peiter ‘Mudge’ Zatko, a former hacker, was head of security and says he witnessed ‘egregious deficiencies’ by the company
Does Twitter have shoddy security? A whistleblower could weigh in today. (Washington Post) Famed hacker 'Mudge' testifies on Twitter security before a Senate panel today
US lawmakers question Twitter on security practices on eve of whistleblower testimony (CNN) US lawmakers sent Twitter more than a dozen questions about its security practices Monday, on the eve of a company whistleblower's testimony before Congress in which he is expected to outline damning allegations of security and privacy vulnerabilities at the embattled social media company.
Uber Hacker Testifies He Used Breach To Extort 'Six Figures' (Law360) One of two hackers behind a massive 2016 Uber data breach testified Monday in the criminal trial of the ex-security chief charged with criminal obstruction on allegations of covering it up, telling California federal jurors he and his colleague intended to use the breach to extort Uber for a six-figure payout.
Justice Dept. Issues 40 Subpoenas in a Week, Expanding Its Jan. 6 Inquiry (New York Times) It also seized the phones of two top Trump advisers, a sign of an escalating investigation two months before the midterm elections.
NSA analyst jailed for life for selling US secrets to Soviets dies aged 80 (the Guardian) Ronald Pelton, convicted of espionage in 1986, said he accepted money from America’s cold war enemy because he was desperate