Dateline Moscow and Kyiv: Russia looks for a response to Ukrainian battlefield success.
Ukraine at D+204: Propaganda as prelude to policy. (CyberWire) Ukraine expands its counteroffensive toward Kherson and Luhansk, and finds more evidence of Russian atrocities in recently liberated territories. Russian official media is calling for increased and unrestrained violence against Ukrainians, who, they say, are brainwashed beyond redemption. A major DDoS attack in Eastern Europe is stopped.
Russia-Ukraine war: List of key events, day 205 (Al Jazeera) As the Russia-Ukraine war enters its 205th day, we take a look at the main developments.
Russia-Ukraine war: senior pro-Russian officials reported killed; Ukraine says mass grave found at Izium – live (the Guardian) Officials in Russian-occupied areas reported dead; hundreds of bodies said to have been found in retaken Ukraine city
Ukraine Shifts the War With a Surprise Attack - The Journal. - WSJ Podcasts (Wall Street Journal) In a matter of days, Ukrainian forces liberated thousands of square miles of Russian-occupied territory. WSJ’s Matthew Luxmoore explains why the offensive took Russia by surprise and shifted the balance of the war. Further Reading: - Russia Strikes Zelensky’s Hometown as President Visits Recaptured City - Russia Withdraws More Forces From Northeast Ukraine Further Listening: - A Battle of Wills Over Russian Energy
Inside Izyum – and the Russian command centre destroyed by Himars missiles (The Telegraph) Glimpse inside the city gives a sense of how complete and rapid the enemy’s defeat was with evidence of Russia’s panicked retreat everywhere
Ukraine combs mass burial site, says Russia 'leaves death' (AP NEWS) Ukrainian authorities began unearthing bodies Friday from a mass burial site in a forest recaptured from Russian forces — a find that President Volodymyr Zelenskyy said was an example of "what the Russian occupation has led to.”
Ukraine-Russia war latest: Multiple Himars strikes hit Russia's Kherson HQ (The Telegraph) Ukraine on Friday launched a long-range rocket attack on an apparent meeting of Kremlin-installed officials in the occupied city of Kherson.
Russian forces are demoralized and degraded — now we just have to 'drive the enemy out,' Ukraine says (CNBC) After Ukraine's successes in recapturing Russian-occupied territory over the last week, the pressure is now on to maintain the momentum.
Increasing number of Russians refusing to fight—Ukraine intel (Newsweek) Ukrainian intelligence said that Russia faced a "catastrophic shortage" of personnel after Kyiv's gains in its counteroffensive.
Short of soldiers to send to war, Russia’s mercenaries recruit in prisons (Washington Post) To address Russia’s shortage of soldiers to send to war in Ukraine, the Wagner mercenary group seems to be making an offer that it hopes convicted criminals can’t refuse: a get out of jail card.
Inside the Ukrainian city freed by daring special forces soldiers (The Telegraph) ‘It was impossible to describe how scary it was,’ a grandmother says, as Balakliya is liberated by a surprise offensive
What You Should Know about Life in the Occupied Areas in Ukraine (Wilson Center) The Armed Forces of Ukraine recently made a major breakthrough in their counterattack operation in the east and have pushed the Russian army back dozens of kilometers from towns and villages that were under occupation.
NATO’s Stoltenberg: Ukraine’s Gains Are ‘Extremely Encouraging’ (Foreign Policy) The trans-Atlantic alliance chief discusses Russia’s war in Ukraine and competing with China.
The West Holds Firm (Foreign Affairs) Support for Ukraine will withstand Russian pressure.
The U.S. will send $600 million in additional military supplies to Ukraine. (New York Times) The new shipment continues the Pentagon’s recent trend of sending ammunition that Ukraine needs to carry out heavy fighting in the country’s south, east and northeast.
The West Is Now a Co-Belligerent in the War in Ukraine (World Politics Review) Ukraine’s recent counteroffensive confirms that the war is now a multilateral conflict between Russia and the West, specifically NATO.
Under pressure, Germany pledges more military aid to Ukraine (Defense News) Berlin will send two additional multiple-launch rocket systems, known as MARS II, with 200 missiles and 50 Dingo armored personnel carriers.
Germany’s top military chief gives ‘stunningly poor’ assessment of strength of Russian army (The Telegraph) Eberhard Zorn says Russia still has ‘uncommitted capacity’ and that it will not have ‘personnel problems’ if Kremlin orders mobilisation
Russia conducts military drills in Arctic sea opposite Alaska (Reuters) Russian nuclear-powered submarines fired cruise missiles in the Arctic on Friday as part of military drills designed to test Moscow's readiness for a possible conflict in its icy northern waters, the defence ministry said.
Putin concedes China has 'questions and concerns' over Russia's faltering invasion of Ukraine (CNN) Russian President Vladimir Putin on Thursday praised China's "balanced position" on the Ukraine war, though he conceded Beijing had "questions and concerns" over the invasion, in what appeared to be a veiled admission of their diverging views over the protracted military assault.
Putin Nods to Xi’s ‘Concerns,’ and the Limits of Their Cooperation (New York Times) The discordant messages of China’s president, Xi Jinping, and President Vladimir V. Putin of Russia suggested that despite an earlier pledge of “friendship,” Moscow does not have an unconditional ally in Beijing.
The image that says everything about the China-Russia divide over Ukraine (The Telegraph) Vladimir Putin admits Xi Jinping, whom he met from the far side of a massive table, has 'questions and concerns' about the invasion
The complex reality behind Vladimir Putin’s nuclear blackmail in Ukraine (Atlantic Council) Putin's recent efforts to blackmail European leaders by threatening a nuclear disaster at the Zaporizhzhia Nuclear Power Plant (NPP) in Ukraine reflect Russia's use of fear and energy as foreign policy tools.
Putin’s Next Move in Ukraine (Foreign Affairs) Mobilize, retreat, or something in-between?
As Ukraine advances, Putin backs further into a corner (Washington Post) The war in Ukraine may be entering a decisive new phase.
Ukraine Put Putin in the Corner. Here’s What May Happen Next. (Foreign Policy) Mobilization could be in the cards, escalation is in the air, and Russian nationalists are braying for blood.
Putin’s self-defeating invasion turns southern Ukrainians away from Russia (Atlantic Council) Putin framed his Ukraine invasion as a crusade to rescue Russian-speaking Ukrainians but polling data indicates that the war has turned traditionally Russian-speaking regions of Ukraine decisively against the Kremlin.
Exclusive: As war began, Putin rejected a Ukraine peace deal recommended by aide (Reuters) Putin's chief envoy on Ukraine told the Russian leader as the war began that he had struck a provisional deal with Kyiv that would satisfy Russia's demand that Ukraine stay out of NATO, but Putin rejected it and pressed ahead with his military campaign, according to three people close to the Russian leadership.
Satellite Data Shows How Russia Has Destroyed Ukrainian Grain (WIRED) The Russian blockade and bombardments are cutting off thousands of tons of grain, threatening the food supply in countries that rely on wheat exports.
NATO Countries Under Cyber Attack From Russia Will US Be Next? (MITechNews) Some NATO countries bordering the Ukraine are under cyber attack. Cybersecurity experts Dan Lohrmann and Richard Stiennon joins Matt and Mike to figure out who.Spoiler alert it's probably Russia.
Cyber Attack by Russian Hackers Disrupted 20 Japanese Government Websites (CPO Magazine) A cyber attack by suspected Russian hackers disrupted at least 20 Japanese government websites across four ministries, including the eLTAX and e-Gov portals.
Akamai stopped new record-breaking DDoS attack in Europe (BleepingComputer) A new distributed denial-of-service (DDoS) attack that took place on Monday, September 12, has broken the previous record that Akamai recorded recently in July.
Record-Breaking DDoS Attack in Europe (Akamai) They’re back! Or, more accurately, the cybercriminals responsible for July’s record-setting European DDoS attack may have never left. In the weeks following our coverage of the previous incident, the victim (a customer based in Eastern Europe) has been bombarded relentlessly with sophisticated distributed denial-of-service (DDoS) attacks, ultimately paving the way for a new European packets per second (pps) DDoS record.
Breaking the Boycott (Cybersixgill) Russian dark web actors use underground markets to move money and purchase illicit goods, despite the Western embargo. When a banned product is in high demand, there is opportunity for a black market to thrive. Considering the extent of Western governmental and private sector sanctions against Russia in response to the invasion of Ukraine, we […]
Crimea Wedding Party Arrested, Fined For Playing Ukrainian Patriotic Song (The Moscow Times) “Chervona Kalyna” has become an anthem of Ukrainian resistance in the months since the Kremlin invaded.
Attacks, Threats, and Vulnerabilities
Record Chinese Cyber Breach Spurs Eruption in Data for Sale (Bloomberg) A record info leak has increased focus on illicit markets. Sellers are posting personal information and national IDs.
Cyber Criminals Targeting Healthcare Payment Processors, Costing Victims Millions in Losses (FBI) The FBI has received multiple reports of cyber criminals increasingly targeting healthcare payment processors to redirect victim payments. In each of these reports, unknown cyber criminals used employees’ publicly-available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims and obtain access to files, healthcare portals, payment information, and websites. In one case, the attacker changed victims’ direct deposit information to a bank account controlled by the attacker, redirecting $3.1 million from victims’ payments.
FBI Warns of Cyberattacks Targeting Healthcare Payment Processors (SecurityWeek) The FBI has observed an increase in attacks targeting healthcare payment processors to divert millions of dollars.
FBI: Active cyberattacks on healthcare payment processors 'cost victims millions in losses' (SC Media) The FBI has observed a rise in threat actors compromising user credentials of healthcare payment processors to redirect payments from their victims to bank accounts in their control, according to a private industry notification.
FBI: Millions in Losses resulted from attacks against Healthcare payment processors (Security Affairs) The FBI has issued an alert about threat actors targeting healthcare payment processors in an attempt to hijack the payments. The Federal Bureau of Investigation (FBI) has issued an alert about cyber attacks against healthcare payment processors to redirect victim payments. Threat actors used employees’ publicly-available Personally Identifiable Information (PII) and social engineering techniques to […]
Vendor Spoof Attack Exposes Business Credentials (IRONSCALES) Details of targeted Vendor Email Compromise with First American Financial and United Wholesale Mortgage that left thousands of business credentials exposed
Microsoft Teams security flaw lets hackers steal accounts - and there’s no fix in sight (TechRadar) There's an easy way to steal Microsoft Teams authentication tokens, researchers claim
Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish (Dark Reading) Access tokens for other Teams users can be recovered, allowing attackers to move from a single compromise to the ability to impersonate critical employees, but Microsoft isn't planning to patch.
Ransomware franchising: How do groups get started? (Digital Shadows) Ransomware in 2023 is almost certainly going to continue to become more organized, with newer groups entering the scene. Stay-up-to-date.
Researchers Warn of Self-Spreading Malware Targeting Gamers via YouTube (The Hacker News) Gamers looking for cheats on YouTube are being targeted with malicious links that install RedLine stealer malware and crypto miners on gaming computer
RedLine spreads through ads for cheats and cracks on YouTube (Kaspersky) A malicious bundle containing the RedLine stealer and a miner is distributed on YouTube through cheats and cracks ads for popular games.
Cybercriminal forum staff defrauds its customers (Cybernews) Two administrators of a cybercriminal forum took advantage of their position for personal gain at the expense of other crooks, cybersecurity company Digital Shadows reported.
There’s No Honor Among Thieves: Carding Forum Staff Defraud Users in an ESCROW Scam (Digital Shadows) Digital Shadows are no strangers to witnessing exit scams. Read more about the latest tactics being used in carding forums to defraud users.
Hive ransomware claims cyberattack on Bell Canada subsidiary (BleepingComputer) The Hive ransomware gang claimed responsibility for an attack that hit the systems of Bell Canada subsidiary Bell Technical Solutions (BTS).
The Cyber Attackers Are Targeting The Users Ahead Of The Ethereum Merge (Coin Republic) There is no need for the Ethereum users to do anything to protect the funds before entering into the Merge.
Uber hacked, internal systems breached and vulnerability reports stolen (BleepingComputer) Uber suffered a cyberattack Thursday afternoon with a hacker gaining access to vulnerability reports and sharing screenshots of the company's internal systems, email dashboard, and Slack server.
Uber suffers computer system breach, alerts authorities (Washington Post) The company said in a tweet it was “responding to a cybersecurity incident”
Uber Investigating Data Breach After Hacker Claims Extensive Compromise (SecurityWeek) Uber is investigating a data breach after a hacker claimed to have breached many of the ride sharing giant’s systems and posted screenshots as evidence
Uber Investigating Breach of Its Computer Systems (New York Times) The company said on Thursday that it was looking into the scope of the apparent hack.
Uber investigating "total compromise" of its internal systems (Computing) The attacker used social engineering to obtain a password from an employee
Vulnerabilities Identified in EZVIZ Smart Cams (Bitdefender Labs) As the creator of the world’s first smart home cybersecurity hub, Bitdefender
regularly audits popular IoT hardware for vulnerabilities that might affect
customers if left unaddressed.
Phishing alert: Giving your condolences for Queen Elizabeth II can leave your data in the hands of cybercriminals (Information Security Newspaper | Hacking News) Phishing alert: Giving your condolences for Queen Elizabeth II can leave your data in the hands of cybercriminals - Data Security - Information Security Newspaper | Hacking News
CISA Adds Six Known Exploited Vulnerabilities to Catalog (CISA) CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
Security Patches, Mitigations, and Software Updates
Siemens Mobility CoreShield OWG Software (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Mobility Equipment: CoreShield One-Way Gateway (OWG) Software Vulnerability: Improper Access Control 2.
Siemens Simcenter Femap and Parasolid (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Simcenter Femap and Parasolid Vulnerabilities: Multiple File Parsing Vulnerabilities 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution in the compromised process.
Siemens RUGGEDCOM ROS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM ROS Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could occupy all available HTTP connections and cause a denial-of-service condition.
Siemens Mendix SAML Module (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix SAML Module Vulnerability: Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to gain unauthenticated access to the application.
Siemens SINEC INS (CISA) This advisory contains mitigations for Improper Input Validation, Integer Overflow or Wraparound, Uncontrolled Resource Consumption, Command Injection, Inadequate Encryption Strength, Missing Encryption of Sensitive Data, Improper Restriction of Operations Within the Bounds of a Memory Buffer, Exposure of Private Personal Information to an Unauthorized Actor, Open Redirect, Improper Resource Shutdown or Release, and Server-Side Request Forgery (SSRF) vulnerabilities in Siemens SINEC INS products.
Siemens RUGGEDCOM ROS (Update A) (CISA) This updated advisory is a follow-up to the original advisory titled ICSA-19-344-03 Siemens RUGGEDCOM ROS that was published December 10, 2019, on the ICS webpage on cisa.gov/ICS. This advisory contains mitigations for Improper Restriction of Operations within the Bounds of a Memory Buffer and Resource Management Errors vulnerabilities in multiple Siemens RUGGEDCOM ROS products.
Simcenter Femap and Parasolid (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Simcenter Femap and Parasolid Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code execution in the context of the current process of the application through an out-of-bounds read.
Siemens Industrial Products Intel CPUs (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC, SINUMERIK Vulnerabilities: Missing Encryption of Sensitive Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-222-05 Siemens Industrial Products Intel CPU that was published August 10, 2021, to the ICS webpage on www.cisa.gov/uscert.
Siemens OpenSSL Affected Industrial Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Multiple industrial products Vulnerability: Infinite Loop 2. RISK EVALUATION Successful exploitation of this vulnerability could create a denial-of-service condition in the affected products.
Siemens OpenSSL Vulnerability in Industrial Products (Update E) (CISA) This updated advisory is a follow-up to the original advisory titled ICSA-22-167-14 Siemens OpenSSL Affected Industrial Products (Update B) that was published August 18, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Infinite Loop vulnerability in multiple Siemens industrial products.
Siemens SCALANCE (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE Vulnerabilities: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’), Allocation of Resources Without Limits or Throttling, Basic Cross Site Scripting 2.
Trends
Ending the Era of Security Control Failure (AttackIQ) A data analytic study of historic security control failures against top MITRE ATT&CK techniques – and what to do to improve security program performance.
Storyblok Releases Results from Survey of US Retail Professionals; Reveals Trends in Headless CMS, Metaverse & VR E-commerce, and Website Security Attacks (iCrowdNewswire) Storyblok Releases Results from Survey of US Retail Professionals; Reveals Trends in Headless CMS, Metaverse & VR E-commerce, and Website Security Attacks LINZ, Austria, September 14, 2022 -- Storyblok, the content management system (CMS) category leader for 2022, today released findings from a new survey of
Marketplace
Twilio lays off 11% of its staff as it aims for profitability in 2023 (TechCrunch) Twilio has announced that it will lay off 11% of its workforce as it looks to streamline its operations, aiming for profitability in 2023.
OneLayer to Secure Koch Industries Private Cellular Network Site Alongside $6.5M Investment (PR Newswire) OneLayer, a leading provider of enterprise security for private LTE and 5G networks, announced today a $6.5 million equity investment from Koch...
REMSIS Inc Specializes in Cyber Security in San Diego, San Marcos, La Mesa, Del Mar, Carlsbad, and Oceanside (Digital Journal) When it comes to cyber security in San Diego, San Marcos, La Mesa, Del Mar, Carlsbad, and Oceanside, REMSIS Inc is the right choice.This press release was
Industrial cybersecurity vendor Dragos taps Darktrace, Nextgen talent to lead ANZ (CRN Australia) Hayley Turner and Ben Sullivan to lead expansion into the region.
Cryptomathic Strengthens Leadership with Appointment of Global CEO (Cryptomathic) Laurent’s appointment expands the capacity of the Cryptomathic leadership team, equipping the company to continue its high-growth trajectory across Europe and the US.
Noetic Cyber Hires Ken Green as VP of Product Management (Yahoo Finance) Security industry veteran brings Attack Surface Management and Cloud Security experience to the team Ken Green Ken Green BOSTON, Sept. 14, 2022 (GLOBE NEWSWIRE) -- Noetic Cyber, an innovator in cyber asset attack surface management (CAASM), today announced that Ken Green has joined the Noetic executive team to lead and build out the product management team. Ken joins Noetic from Morgan Stanley, where he was Executive Director, Cloud Security Design, responsible for the bank's multi-cloud securit
Products, Services, and Solutions
Telos Corporation to Help Enterprises Operationalize Cybersecurity Compliance and Regulatory Risks with IBM Security - Telos Corporation (Telos Corporation) Telos Corporation (NASDAQ: TLS), a leading provider of cyber, cloud and enterprise security solutions for the world’s most security-conscious organizations, is pleased to announce a collaboration with IBM Security as part of IBM’s Active Governance Services (AGS) that allows enterprises to operationalize and automate activities and solve challenges... Read more
AVANT Partners with Akamai to Accelerate Cloud Computing and Security (PRWeb) AVANT, a platform for IT decision-making and the nation’s premier Technology Services Distributor, is strengthening its cloud and security portfolio as the firs
Code42 Incydr Supports Leading Desktop-as-a-Service Offerings and Virtual Desktop Infrastructure Solutions (Business Wire) Code42 Software, Inc., the Insider Risk Management (IRM) leader, today announced its Incydr product fully supports all major Desktop-as-a-Service (Daa
Torq Delivers on the Promise of Parallel Execution (Torq) Torq introduces Parallel Execution - instantly create multiple branches within an automatic workflow and handle each concurrently before merging back into a single flow.
Keysight Delivers Design-to-Test Workflow for High-Speed Digital Designs (Business Wire) Keysight Technologies, Inc. (NYSE: KEYS), a leading technology company that delivers advanced design and validation solutions to help accelerate innov
ThreatBlockr and Trinsio Partner To Bring the ThreatBlockr Platform to Trinsio Customers (Accesswire) ThreatBlockr partners with Trinsio network security solutions to instantly improve customers' security posture TYSONS, VA and OREM, UT / ACCESSWIRE / September 15, 2022 / ThreatBlockr, the autonomous cyber intelligence and active threat defense platform, and Trinsio, a managed service provider focused on data management solutions, including data backup and recovery, today announced a partnership to bring the ThreatBlockr platform to Trinsio
Trust Software Launches B2B Checkout Platform for TikTok Marketing Partners (PR Newswire) Trust Software Inc, a fintech that develops marketing payment products, today announced the launch of Market, a B2B checkout platform built for...
Recorded Future Intelligence Cloud Adds Okta Integration (PR Newswire) Recorded Future, one of the world's largest providers of intelligence, today announced new capabilities to the Recorded Future Intelligence...
Claroty bringing in Medigate partners (MicroscopeUK) Operational technology security player is bedding in partners that have come on board following acquisition that took the firm into the healthcare market.
Varonis unveils new security features for Salesforce admins (SecurityBrief Asia) Data security firm adds one-click permissions comparison and analysis features for Salesforce admins, saving them time while improving security posture.
Tanium Unveils Groundbreaking Integration with Microsoft Sentinel (Business Wire) Tanium, the industry’s only provider of converged endpoint management (XEM), today announced the first of several powerful integrations between Micros
Technologies, Techniques, and Standards
Bitdefender Releases Universal LockerGoga Decryptor in Cooperation with Law Enforcement (Bitdefender Labs) We’re pleased to announce the availability of a new decryptor for LockerGoga, a strain of ransomware that rose to fame in 2019 with the attack on Norsk Hydro.
CISA and NSA Publish Open Radio Access Network Security Considerations (CISA) CISA and the National Security Agency (NSA) have published Open Radio Access Network Security Considerations. This product—generated by the Enduring Security Framework (ESF) Open Radio Access Network (RAN) Working Panel, a subgroup within the cross-sector working group— assessed the benefits and security considerations associated with implementing an Open RAN architecture.
NSA Plans for Full Post-Quantum Cryptography by 2035 (Meritalk) The National Security Agency (NSA) expects National Security Systems (NSS) owners and vendors to start using post-quantum algorithms by 2035.
Like a zero-day attack but 30 years before it happens (Entrust Blog) The title of the blog are not my words but those of Canadian mathematician and renowned post-quantum academic Michele Mosca. Before I explain Michele’s
US Cyber-Defense Agency Urges Companies to Automate Threat Testing (Data Center Knowledge) Automated threat testing is still not very widespread, according to an official at CISA, who added that organizations sometimes don’t follow through after deploying expensive tools on their network and instead just assume they’re doing the job.
Design and Innovation
Report: Complex Logins Fuel Stress, Increase Risk and Harm Productivity (PR Newswire) 1Password, the leader in human-centric security and privacy, today released its Unlocking the Login Challenge report. Based on a survey of...
Unlocking the login challenge: how login fatigue compromises employee productivity, security and mental health (1Password) Most people start their workday the same – logging in to all of the many programs they use to get their work done. But signing in has become more complicated than ever – leaving employees frustrated and ultimately putting businesses' most important information at risk.
Legislation, Policy, and Regulation
Opinion Will deterrence have a role in the cyberspace ‘forever war’? (Washington Post) At a time of growing concern about possible nuclear threats from Russia, some prominent defense strategists are arguing for a new theory of deterrence. They argue that military conflict is now so pervasive in cyberspace that the United States should seek to shift away from deterrence in this domain — and more aggressively exploit the opportunities it presents.
Why NATO Countries Don’t Share Cyber Weapons (The National Interest) As states start to operationalize their cyber commands, they will have to stand on their own feet and not expect much help from their friends.
The EU unboxes its plan for smart device security (TechCrunch) The proposed EU Cyber Resilience Act will introduce mandatory cybersecurity requirements for products that have "digital elements".
China looks to increase penalties under its cybersecurity law (Reuters) China's cyberspace regulator on Wednesday proposed a series of amendments to the country's cybersecurity law including raising the size of fines for some violations, saying that it wanted to do so to improve coordination with other new laws.
The White House is on a cyber bender (Washington Post) The White House spent the week on a flurry of cybersecurity undertaking
White House: U.S. agencies have 90 days to create inventory of all software (The Record by Recorded Future) The White House told agencies this week that they have 90 days to create a full inventory of the products they use.
Biden Orders Deeper Scrutiny of Foreign Investment in Tech and Supply Chains (Wall Street Journal) A new executive order directs the panel screening foreign investment, Cfius, to look at deals in areas U.S. officials say are of interest to China.
Biden order sharpens foreign investment screening process (Washington Post) President Joe Biden on Thursday signed an executive order that administration officials say aims to sharpen the national security considerations taken in the federal government's review process for foreign investment in the United States.
Investors, analysts question Biden's plan to limit U.S. investments in Chinese tech (CyberScoop) Sources say the Biden administration is eyeing new restrictions on U.S. investment in Chinese chip manufacturing, AI and quantum computing.
Building on our Baseline: Securing Industrial Control Systems Against Cyberattacks (House Committee on Homeland Security) DATE: Thursday, September 15, 2022
TIME: 10:00 AM
LOCATION: 310 Cannon House Office Building
SUBCOMMITTEE: Cybersecurity, Infrastructure Protection, & Innovation (117th Congress)
ISSUE: Cybersecurity
Policymakers eye incentives to fund better OT cybersecurity (SC Media) Government efforts are increasingly focused on improving security for the specialized equipment and systems used to run critical services to American society.
Biden admin launches $1B cyber grant program for state, local governments (The Record by Recorded Future) The Biden administration on Friday launched a long-awaited federal cybersecurity grant program that will funnel up to $1 billion to state and local governments to upgrade their digital defenses.
WSJ News Exclusive | Justice Department Forms National Network of Prosecutors Focused on Crypto Crime (Wall Street Journal) The new effort is part of a trend toward putting more resources to target illegal activities involving digital currencies.
Near-Peer Competition Shapes Military Intelligence Priorities (AFCEA International) The services continue to pivot information gathering and intelligence efforts to meet rising threats from China and Russia.
Senate confirms Fick as first U.S. cyber ambassador (The Record by Recorded Future) The U.S. Senate on Thursday confirmed Nathaniel Fick as the country’s first ever cyber ambassador. Fick will head the State Department’s Bureau of Cyberspace and Digital Policy, an office that opened in April and is intended to address gaps in the government’s global cyber response. The confirmation comes one day after the Senate Foreign Relations […]
Cyber ambassador could soon take on a world of challenges (Washington Post) A Senate panel is about to kick the tires on Biden’s pick for top cyber diplomat
California’s New Online Child Protection Law Will Challenge Companies (Wall Street Journal) A new California law on children’s data privacy could be a headache for many companies, especially smaller ones, according to privacy experts.
Litigation, Investigation, and Law Enforcement
Portugal: Prosecutor starts enquiry into hack, leak of classified NATO documents (LUSA) Portugal's public prosecutor's office has opened an enquiry into the cyberattack against the Armed Forces General Staff in which classified NATO documents were extracted and put up for sale on the 'dark web', the Attorney General's Office indicated on Tuesday.
Social media hearings highlight lack of trust, transparency in sector (The Record by Recorded Future) Congressional hearings this week highlighted the U.S. government’s lack of oversight and insight into social media giants — with former employees testifying about grave risks posed by the platforms for which they once worked and the lack of regulatory structures and incentives needed to address them.
Customs officials have copied Americans’ phone data at massive scale (Washington Post) Contacts, call logs, messages and photos from up to 10,000 travelers’ phones are saved to a government database every year
Meta, TikTok, YouTube and Twitter dodge questions on social media and national security (TechCrunch) This was another round of Congress getting stonewalled by top decision makers from some of the world's most powerful and culturally influential companies.
Twitter whistleblower unlikely to influence Musk legal battle, experts say (Financial Times) Peiter Zatko’s testimony to US Senate committee was bruising for social media group but did not make new material revelations
FBI seizes phone from election denier Douglas Frank, a Mike Lindell associate (Washington Post) Hours after FBI agents investigating an alleged breach of voting machines in Colorado seized a cellphone belonging to MyPillow founder Mike Lindell, agents also served a search warrant on Lindell associate and fellow election denier Douglas Frank, Frank said early Thursday.