Dateline
Ukraine at D+207: War crimes and threats of escalation. (CyberWire) Evidence of more atrocities surfaces in liberated Izium as Ukraine's counteroffensive continues. Hacktivists continue actions against the Belarusian regime, and Russian state television.
Russia-Ukraine war latest: what we know on day 207 of the invasion (the Guardian) Czech Republic calls for ‘special international tribunal’ after Izium mass grave found; Turkish and Indian leaders call for end to war at Asia summit
Russia-Ukraine war: List of key events, day 208 (Al Jazeera) As the Russia-Ukraine war enters its 208th day, we take a look at the main developments.
Russia-Ukraine latest news - Russian missile strikes Ukraine’s second-largest nuclear power plant (The Telegraph) Ukraine's Pivdennoukrainsk nuclear power plant has been damaged by a Russian missile attack, Ukraine’s nuclear energy agency has said.
Ukraine says Russian missile struck close to nuclear plant (AP NEWS) A Russian missile struck close to a nuclear power plant in southern Ukraine without damaging the three reactors but hit other industrial equipment in what Ukrainian authorities denounced Monday as an act of “nuclear terrorism.”
Russia-Ukraine war: Russian strike at Pivdennoukrainsk nuclear power plant but reactors not damaged – live updates (the Guardian) Reactors not damaged after Russian strikes at nuclear power plant in southern Mykolaiv region
Some 180 invaders dead following blasts at Kherson factory - intelligence (Ukrinform) Four powerful explosions were recorded at a cotton mill in Russian-captured Kherson, which hosted enemy personnel and equipment.
The View From Russia (New York Times) Russians near Ukraine are starting to hear the sound of explosions, and their worries are growing.
‘They won’t invade, will they?’ Fears rise in Russian city that Ukraine war could cross border (the Guardian) As Putin’s forces are pushed back to where they came from, there is growing unease in the city of Belgorod
At Mass Grave Site in Ukraine’s Northeast, a Sign of Occupation’s Toll (New York Times) Russian troops held the city of Izium, in northeastern Ukraine, for six months. One burial site found this week could hold the remains of more than 400 people, investigators said.
Ukraine combs mass burial site, says Russia 'leaves death' (AP NEWS) Ukrainian authorities began unearthing bodies Friday from a mass burial site in a forest recaptured from Russian forces — a find that President Volodymyr Zelenskyy said was an example of "what the Russian occupation has led to.”
Torture, killings, abductions: Russian retreat from Izyum reveals horrors (Washington Post) Russian forces terrorized residents throughout their six-month occupation of Izyum, a strategic hub in northeast Ukraine, with witnesses and victims this week recounting the torture, killings and forced disappearances that soldiers carried out. And as they bore witness, the Ukrainian officials now back in control of the city worked to unearth evidence of those potential war crimes.
Ukraine alleges torture at village near Russian border (AP NEWS) In a dank basement behind the local supermarket, metal bars cordon off a corner of the room to form a large cell. Dirty sleeping bags and duvets show three sleeping spots on top of sheets of Styrofoam for insulation from the damp earth floor.
Russia-Ukraine war: discovery of mass grave in Izium prompts call for war crimes tribunal – live (the Guardian) Czech foreign minister says attacks by Russians on civilian population are ‘unthinkable and abhorrent’
Vatican envoy comes under fire as he delivers aid in Ukraine (AP NEWS) A top Vatican envoy and his entourage came under fire as they were distributing humanitarian supplies in Ukraine, the Vatican news service said on Sunday, but reported no injuries.
Ukraine-Russia war: Missiles strike Russia's Kherson HQ as top officials meet (The Telegraph) Ukraine on Friday launched a long-range rocket attack on an apparent meeting of Kremlin-installed officials in the occupied city of Kherson.
Putin Threatens New Military Strikes on Ukraine Infrastructure (Bloomberg) Russian leader says ‘in no rush’ with military operation. In first public comments, Putin dismissive of counteroffensive.
Russia 'trying to trick' men into military service in Ukraine (The Telegraph) Misleading letters tell recipients they have been formally and legally conscripted
The letters left behind by demoralized Russian soldiers as they fled (Washington Post) About 10 days before Ukrainian forces retook the city of Izyum last weekend, Russian troops stationed here were so demoralized that they drafted letters begging their superiors to dismiss them from their roles.
Opinion A visit to Kyiv reveals the secret of Ukrainian success (Washington Post) At first glance, Kyiv looked strangely normal. There were a few barricades here and there, but mostly the streets were busy, traffic was moving, shops were open and restaurants were full.
How Belarusian hacktivists are using digital tools to fight back (The Record by Recorded Future) When Belarusian activist Yuliana Shemetovets was offered a job as the spokesperson of the Belarusian Cyber Partisans hacktivist group, she didn't rush to accept it. “To be honest, I was scared,” she told The Record.
Ukrainian military intelligence prepares to demonstrate its cyber offensive capacities in DC (Intelligence Online) A summit dedicated to the hybrid war between Ukraine and Russia is to take place in Washington, thanks to sponsorship from private sector cyber security and intelligence operators and CIA venture
The Blitzkrieg of Cyberattacks - And How To Survive It (TechHQ) Analysts are warning that western companies could be facing an unprecedented number of cyberattacks - soon.
What the Ukrainian War Can Teach Businesses About Cybersecurity (The Goa Spotlight) The number of cyber attacks on the government and military sectors of Ukraine increased by no less t
How the St. Javelin meme raised a million dollars for Ukraine (Washington Post) Saint Javelin doesn’t grace the stained-glass windows of any church. Her halo is a shade of yellow closer to that of sunflowers and wheat than the golden orb on a traditionally canonized saint. Instead of an infant, she tenderly cradles a Javelin — an American-made, handheld antitank missile.
NATO Forges Plans to Surge Forces to Baltics In a Crisis (Defense One) Estonia is planning new training areas and infrastructure under a defense budget increase.
German, Estonian troops to practice defense of Tallinn harbor, airport (Defense News) Defending the Baltic nations from Russian attack is a key consideration in NATO’s operational plans.
US Weighs Escalation Risk As Ukraine Asks for Longer-range Missiles (Defense One) Will ATACMS become the latest weapon that Washington has initially withheld, but ultimately given?
Military intel chief says Putin can't achieve Ukraine goal (AP NEWS) Russia's setbacks and stretched resources in Ukraine show its forces are incapable of achieving President Vladimir Putin's initial aims in invading the country as things stand now, the Pentagon's intelligence chief said Friday.
Russia’s underperforming military capability may be key to its downfall (the Guardian) Despite superior firepower, Russian forces have failed to fulfil their potential and face a dispiriting battle to regain the upper hand over Ukrainesia-Ukraine war: latest update
For Russia's Putin, military and diplomatic pressures mount (AP NEWS) Pressure on Russian President Vladimir Putin mounted on the battlefield and in the halls of global power as Ukrainian troops pushed their counteroffensive Saturday to advance farther into Ukraine's partly recaptured northeast.
What happens if Putin goes nuclear in Ukraine? Biden has a choice to make (the Guardian) Russian forces are in retreat yet Nato still holds back for fear of what a humiliated Putin might do. But now is precisely the time to step up the pressure
The Russian Empire is already falling apart (The Telegraph) Moscow’s disastrous war in Ukraine is weakening its influence in former Soviet states that it has long dominated
Narendra Modi’s admonishment for Vladimir Putin: ‘I told you this was not an era for war’ (The Telegraph) 'I have spoken to you on the phone about this', says the Indian leader as he scolds the Russian president over his invasion of Ukraine
Xi Might Finally Be Losing Patience With Putin (World Politics Review) Though China has offered a much-needed diplomatic lifeline to Vladimir Putin and Russia, Xi Jinping’s patience now seems to have worn thin.
China’s New Vassal (Foreign Affairs) The war in Ukraine turned Moscow into Beijing’s junior partner.
Putin’s Russia is already learning the
cost of becoming a vassal state of Xi’s China (The Telegraph) It could well turn out that, in the long run, the biggest threat to Moscow’s territorial integrity isn’t the West but the East
Russia's security chief begins two-day visit to China on Sunday (Reuters) Russian Security Council secretary Nikolai Patrushev will hold security consultations and meetings during a two-day visit to China starting Sunday, China's foreign ministry said.
Russia’s most famous pop star becomes latest to criticise war in Ukraine (The Telegraph) Alla Pugacheva, known as the Russian Dolly Parton, has asked Vladimir Putin to label her a foreign agent
‘There are growing cracks in the support for Putin’ (The Telegraph) Working class miner’s daughter turned White House policy adviser Fiona Hill explains why she thinks Russia is losing the war against Ukraine
Opinion | Why Queen Elizabeth’s Strength Is Putin’s Weakness (New York Times) Why the mystical quality we call legitimacy is key for rulers.
How Ukraine Has Changed Russian Diplomacy (Foreign Policy) Moscow is shunning legacy platforms for dialogue—and creating its own.
Every Recent Oil and Food Price Shock Bears Putin’s Fingerprints (Foreign Policy) Russia is a pivotal actor in global markets—and its president is willing to destabilize them for political gain.
Germany seizes control of three Russian-owned Rosneft oil refineries (The Telegraph) 'We are making ourselves independent of Russia', Chancellor Scholz said on Friday
Opinion | Wonking Out: What Ukraine Needs From Us (New York Times) Lawyers, guns and money. OK, skip the lawyers.
Russia’s War in Ukraine: Military and Intelligence Aspects (Congressional Research Service) Russia’s renewed invasion of neighboring Ukraine in February 2022 marked the start of Europe’s deadliest armed conflict in decades. After a steady buildup of military forces along Ukraine’s borders since 2021, Russia invaded Ukraine on February 24, 2022, with Russian ground forces attacking from multiple directions.
Attacks, Threats, and Vulnerabilities
High Severity IDOR Vulnerabilities Identified by Oxeye Research Team in CNCF ‘Harbor’ Project by VMware (EIN News) Newly Revealed High-Risk Vulnerabilities in Commonly Used Cloud Native Application Open-Source Security Project
Threat Alert: New Malware in the Cloud By TeamTNT (Aqua Security) Could TeamTNT be back? Our honeypots were attacked by malware that bears a resemblance to these threat actors and we analyze the possible connection.
TeamTNT hijacking servers to run Bitcoin encryption solvers (BleepingComputer) Threat analysts at AquaSec have spotted signs of TeamTNT activity on their honeypots since early September, leading them to believe the notorious hacking group is back in action.
Emotet botnet now pushes Quantum and BlackCat ransomware (BleepingComputer) While monitoring the Emotet botnet's current activity, security researchers found that the malware is now being used by the Quantum and BlackCat ransomware gang to deploy their payloads.
AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022 (AdvIntel) Throughout 2022, AdvIntel observed 1,267,598 total Emotet infections worldwide. Significant peaks in activity occurred between February/March, notably kicking off during the start of the Russian-Ukrainian conflict at the end of February, and between June/July; attributed to Emotet’s usage alongside post-Conti groups such as Quantum and BlackCat. It is notable that the most Emotet-targeted country is the United States, making up 35.7% of the dataset, with Finland (10.3%), Brazil (9.9%), The Nethe
August’s Top Malware: Emotet Knocked off Top Spot by FormBook while GuLoader and Joker Disrupt the Index (Check Point Software) Check Point Research reports that FormBook is the most prevalent malware, while the Android spyware Joker takes third place in the mobile index. Apache
North Korean Hackers Spreading Trojanized Versions of PuTTY Client Application (The Hacker News) North Korean hackers have been found leveraging a "novel spear-phish method" that involves making use of trojanized versions of the PuTTY SSH.
Unholy Triangle (Digital Citizens' Alliance) From Piracy to Ads to Ransomware: How Illicit Actors Use Digital Ads on Piracy Sites to Profit by Harming Internet Users
Piracy Advertising Researchers Fall Victim to Ransomware Attacks (TorrentFreak) New research finds that 12% of all ads on pirate streaming sites link to malware. It's so bad that even experts can run into ransomware.
Cybersecurity: CISA warning of high-severity PAN-OS DDoS flaw (Digital Journal) This warning also serves as a reminder that infrastructure devices must be included in vulnerability management programs.
Google, Microsoft can get your passwords via web browser's spellcheck (BleepingComputer) Enhanced Spellcheck features in Google Chrome and Microsoft Edge web browsers transmit form data, including personally identifiable information (PII) and in some cases, passwords, to Google and Microsoft respectively.
Uber says “no evidence” user accounts were compromised in hack (The Verge) Uber’s ride-hail and food delivery services are fine too.
Uber Claims No Sensitive Data Exposed in Latest Breach… But There's More to This (The Hacker News) Uber claims to have found no evidence that users' private data was compromised in latest breach, but screenshots and information from various sources
Uber apparently hacked by teen, employees thought it was a joke (The Verge) Internal systems appear to have been compromised.
Uber hacker claims to have full control of company's cloud-based servers (9to5Mac) An Uber hacker who has gained access to a number of the company’s internal systems, including its Slack channels, claims to have full control of the company’s cloud-based servers and more. This includes the company’s servers on both Amazon Web Services and Google’s GSuite. Incredibly, the attack appears to have mimicked the one back in […]
The Uber Hack’s Devastation Is Just Starting to Reveal Itself (WIRED) An alleged teen hacker claims to have gained deep access to the company’s systems, but the full picture of the breach is still coming into focus.
Uber was breached to its core, purportedly by an 18-year-old. Here’s what’s known (Ars Technica) “I announce I am a hacker and Uber has suffered a data breach,” intruder says on Slack.
Uber hacked by teen who annoyed employee into logging them in - report (Jerusalem Post) Uber employees trying to access internal webpages were taken to a page with a pornographic image and the message "F*&% you wankers."
18-year-old allegedly hacks Uber and sends employees messages on Slack (Interesting Engineering) The hacker apparently has full access to Uber's network and is just enjoying his time there. No mala fide intent, just honing up skills.
Uber Investigating Massive Security Breach by Alleged Teen Hacker (Gizmodo) The hacker claimed to gain access to Uber's AWS, Google Cloud, and even financial data.
Uber cyber attack: protecting against social engineering (Information Age) Uber has announced a "cyber security incident", which entailed an 18-year-old hacker infiltrating employees' Slack network
Threat actor breaches many of Uber’s critical systems (Cybersecurity Dive) After duping an employee into providing their password, the attacker claims it gained access to Uber’s cloud infrastructure and sensitive data.
Uber hacker claims to have full control of company's cloud-based servers (9to5Mac) An Uber hacker who has gained access to a number of the company’s internal systems, including its Slack channels, claims to have full control of the company’s cloud-based servers and more. This includes the company’s servers on both Amazon Web Services and Google’s GSuite. Incredibly, the attack appears to have mimicked the one back in […]
Uber confirms hack in the the latest access and identity nightmare for corporate America (SC Media) Ride-share company Uber confirmed it was hacked in what appears to be a damaging compromise that includes both internal systems and the company’s accounts for multiple third-party services.
Uber hacked, attacker tears through the company's systems (Help Net Security) Uber has been hacked, again - this time by an 18-year-old (allegedly). The hacker claims to have gotten in by social-engineering an employee.
Uber confirms it is investigating cybersecurity incident (The Record by Recorded Future) Uber confirmed on Thursday it was responding to a cybersecurity incident following reports the company had taken several internal communications and engineering systems offline after staff had been contacted by a hacker.
UBER HAS BEEN HACKED, boasts hacker – how to stop it happening to you (Naked Security) Uber is all over the news for a widely-publicised data breach. We help you answer the question, “How do I stop this happening to me?”
Serious breach at Uber spotlights hacker social deception (Idaho State Journal) The ride-hailing service Uber said Friday that all its services were operational following what security professionals are calling a major data breach, claiming there was no evidence the hacker got
LastPass says hackers had internal access for four days (BleepingComputer) LastPass says the attacker behind the August security breach had internal access to the company's systems for four days until they were detected and evicted.
Microsoft Teams deemed unsafe to use by security researchers (Android Police) First, it stalled 911 calls. Now, we've got another reason to avoid Microsoft Teams.
CISA Warns of Critical Flaw in Honeywell SoftMaster PLC Software (Decipher) A critical vulnerability in the Honeywell SoftMaster PLC controller software can allow an attacker to execute arbitrary code on vulnerable machines.
NCSC warns about Queen-related phishing scams (Computing) Pay attention to emails, texts, and other communications on the Queen's passing and funeral arrangements
FBI and CISA Responded to a Cyber Attack and Ransomware Incident on Los Angeles School District (LAUSD) (CPO Magazine) The Los Angeles Unified School District (LAUSD) suffered a cyber attack over the Labor Day holiday weekend, causing “significant disruption” to its digital infrastructure.
‘Threat Actor’ Claims Responsibility For Suffolk Hack On Dark Web (Sachem, NY Patch) "The county's incident response team is assessing this information and working closely with law enforcement agencies," Bellone says.
Hackers Demanding Ransom Leak Files in Suffolk Cyberattack (LI Press) Hackers leaked documents that the cybercriminals stole from Suffolk County servers, which were taken offline last week to contain the damage — and the hackers threatened to leak more if ransom isn’t paid.
IHG hack: 'Vindictive' couple deleted hotel chain data for fun (BBC News) The pair, who say they are from Vietnam, wiped out IHG group data after a foiled ransomware attack.
New York ambulance service discloses data breach after ransomware attack (BleepingComputer) Empress EMS (Emergency Medical Services), a New York-based emergency response and ambulance service provider, has disclosed a data breach that exposed customer information.
Grand Theft Auto VI footage leaks, and hacker threatens to spill more (Axios) Clips appear to confirm Vice City setting and female protagonist.
Car registration scam remerges with Kiwis warning others to watch out for it (Newshub) "This is part of a sophisticated phishing campaign designed to harvest customers' credit card and driver's license information."
Housing association denies scam calls related to data breach (Watford Observer) Watford Community Housing Trust has denied that recent scam calls to their customers are related to a data breach in 2020.
CISA adds Stuxnet bug to its Known Exploited Vulnerabilities Catalog (Security Affairs) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including the bug used in the Stuxnet attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog. Below is the list of vulnerabilities added to the catalog: CVE-2022-40139: Trend […]
Security Patches, Mitigations, and Software Updates
Verizon and T-Mobile LG Wing now receiving Android 12 update (YTECHB) LG Wing is one of the most innovative smartphones by LG released in 2020 with Android 10 OS. In November last year, the device received its first major OS upgrade in the form of the Android 11 upgrade. And now is the time for the second big software upgrade – the Android 12 upgrade.
So this is why some Pixel 6 series users didn't get the September update yet! (Phone Arena) Verizon customers with the Pixel 6 and Pixel 6 Pro had the September update delayed until it was disseminated this past week.
Trends
What is the potential financial damage of cyberattacks? (Jerusalem Post) Acronis, a Swiss software firm, revealed in a recent report that organizations and companies will lose $30 billion by 2023 due to ransomware attacks.
"There is cyber warfare happening everyday. You don't feel it because there is no blood on the streets, but it is super dangerous" (CTech) Guy Caspi, CEO of cybersecurity company Deep Instinct, was speaking at Mind the Tech NY
Customer Reimbursement Models for Financial Scams (Biocatch) Explore the current regulatory landscape related to unauthorized and authorized payment fraud in eight countries.
Highlights of the 2022 Pwnie Awards (Dark Reading) Since 2007, the Pwnies have celebrated the good, the bad, and the wacky in cybersecurity. Enjoy some of the best moments of this year's ceremony.
Marketplace
He got an unexplained $250,000 payment from Google. The company says it was a mistake (NPR) Sam Curry, a self-described hacker, was puzzled by the payment. A Google spokesperson says the company paid "the wrong party as the result of human error" and was working to correct it.
Iron Bow to Operate US Army Cybersecurity Platform (The Defense Post) The US Army has selected software company Iron Bow Technologies to operate its cybersecurity platform AttackIQ for the next three years.
How CrowdStrike plans to become a generational platform (SiliconANGLE) How CrowdStrike plans to become a generational platform - SiliconANGLE
Microsoft Security Shifts its Cybersecurity Approach (CXOToday.com) Microsoft Security wants to be the go-to partner for all enterprise security solutions and has now set its sights on end-to-end security protection to customers
Singapore Police Force Recognizes Group-IB’s efforts in securing safer space (Group-IB) Group-IB, one of the global leaders in cybersecurity, headquartered in Singapore, has been recognized by Singapore Police Force (SPF) for its commitment and vigilance in detecting and deterring digital threats facing the country. Group-IB Founder and Chief Executive Officer, Dmitry Volkov was presented with an Appreciation Plaque by the Guest of Honor, Deputy Commissioner of Police (Investigation & Intelligence), Mr. How Kwang Hwee at the 8th Alliance of Public PrivAte Cybercrime sTakeholders (APPACT). The event was hosted at the Senior Police Officers’ Mess.
Intel community, awash in data, seeks in-demand talent to make sense of it (Federal News Network) The intelligence community, tasked with analyzing data and more raw intelligence than ever before, is looking to build out its workforce to keep up with emerging threats.
Clearance Holder Nervous that Side Hustle will be Exposed (ClearanceJobs) With COVID, this cyber guru by day, reservist by weekend, wanted to sweeten the pot by adding in a side hustle.
How to Find a Job Fighting Cyber Crime (ClearanceJobs) Amentum received a $500 million Treasury contract to investigate and analyze cyber-enabled financial crime.
Cybernatics appoints Andy Huang as Chief Information Security Officer (ETCIO.com) With more than 25 years of experience in leading end-to-end security initiatives, Andy Huang will further the cybersecurity software development compa..
Arkose Labs Hires John Chirhart, Former Google Security Leader (MarTech Series) Arkose Labs, the global leader in bot management, announced that John Chirhart has joined the company as Cybersecurity Intelligence Officer
Cofense advances its team members, Tonia Dudley and Josh Bartolomie (Help Net Security) Dudley and Bartolomie bring to their new roles extensive knowledge and experience with both Cofense’s technologies and customers.
CyberArk Announces Peretz Regev as Chief Product Officer (Business Wire) CyberArk (NASDAQ: CYBR), the global leader in Identity Security, today announced the appointment of Peretz Regev as chief product officer. Regev bring
OneSpan Welcomes Stuti Bhargava as Company’s First Chief Customer Experience Officer (OneSpan) SaaS and cybersecurity leader joins OneSpan’s executive team to scale and drive customer excellence
Products, Services, and Solutions
New infosec products of the week: September 16, 2022 (Help Net Security) The featured infosec products this week are from: Kingston Digital, Avetta, D3 Security, novoShield, and Socure.
OneSpan Launches Virtual Room Enabling Secure Face-to-Face Transactions (OneSpan) Purpose-built, high-assurance solution blends the simplicity of a consumer video collaboration app with bank-grade identity and authentication security
Avast takes over plugin “I don’t care about cookies” - IT World Canada (IT World Canada - Information Technology news on products, services and issues for CIOs, IT managers and network admins) Avast, a Czech multinational cybersecurity software company that researches and develops computer security software, machine learning and artificial intelligence, has bought the plugin “I don’t care about cookies,” a browser extension that disables cookie alerts on almost all websites. According to founder Daniel Kladnik, the acquisition is a step towards better products. He has promised […]
Google partners with Allianz and Munich Re to secure cloud users (Market Research Telecast) Google (NASDAQ: GOOGL ) has teamed up with two global insurers to cover cyber-attacks and risks related to businesses using its cloud services,
How to Use DuckDuckGo’s Privacy-First Email Service (WIRED) Tired of advertisers spying on your private communications? This beta promises to kick tracking technology to the curb.
ForgeRock announces next gen identity orchestration capabilities (SecurityBrief Asia) ForgeRock has launched identity orchestration capabilities to enable enterprises to deliver improved user experiences secured by threat protection.
Learn how to defend networks for $49 with these CompTIA prep courses (BleepingComputer) Cybercriminal activity won't slow down anytime soon, but that ultimately means there might be a bright, stable IT career ahead of you. For a limited time, you can purchase the Complete 2022 CompTIA Cyber Security & PenTest Super Bundle for $49, or under $9 per course.
Phosphorus and EverSec Group collaboration expands xIoT security throughout the US (Help Net Security) Phosphorus and EverSec Group collaboration will expand their footprint and deliver xIoT security to more companies across the U.S.
Technologies, Techniques, and Standards
Spy agency says 170,000 cyberattacks launched on NZ (NZ Herald) The cyberwar frontier is an increasingly complex and busy environment.
CISA orders agencies to patch vulnerability used in Stuxnet attacks (BleepingComputer) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added half a dozen vulnerabilities to its catalog of Known Exploited Vulnerabilities and is ordering federal agencies to follow vendor's instructions to fix them.
DoD Cyber Crime Center, U.S. Cyber Command Develop Interagency Collaboration (Hstoday) DC3 is providing Cyber National Mission Force (CNMF) military personnel with rotational program assignments embedded with DC3 cyber analysts.
Design and Innovation
Les clés de la Cryptographie Post-Quantique (Programmez!) La technologie des ordinateurs quantiques n’en est qu’à ses débuts qu’on parle déjà de cryptographie post-quantique. Loin du buzzword, cette discipline est en passe de devenir un vrai casse-tête dans les secteurs de la cybersécurité, des télécommunications, des banques ou encore des renseignements. La disruption de l’informatique quantique, avant d’être une opportunité et une source de progrès dans de nombreux domaines, sera une menace sérieuse pour la sécurité des données.Deux disciplines distinctes : la cryptographie quantique vs la cryptographie post-quantique.
Research and Development
DHS to Spend Almost $700,000 Investigating ‘Radicalization in Gaming’ (Vice) Several groups are coming together to study the little understood phenomenon.
Army ponders satellite partners for 'Lonestar' GPS interference warning system (Breaking Defense) The experimental tech would directly alert soldiers on the ground when GPS signals have been disrupted.
Academia
Verizon launches 5G Innovation Hub with the University of South Carolina (Verizon) Verizon and the University of South Carolina are exploring how 5G Ultra Wideband can transform industries including manufacturing, healthcare and civil infrastructure, among others.
Legislation, Policy, and Regulation
China plans sanctions on CEOs of Boeing Defense, Raytheon over Taiwan sales (Reuters) China will impose sanctions on the chief executives of Boeing Defense and Raytheon over their involvement in Washington's latest arms sales to Taiwan, a foreign ministry spokesperson said on Friday.
European Media Freedom Act - Proposal for a Regulation and Recommendation (Shaping Europe’s digital future) The Proposal for a Regulation and the Recommendation relating to the European Media Freedom Act.
EU moves to protect journalists from spyware (The Record by Recorded Future) European Union lawmakers are aiming to protect journalists from member states’ targeting them with spyware following a number of high-profile incidents across the bloc.
FACT SHEET: White House Releases First-Ever Comprehensive Framework for Responsible Development of Digital Assets (The White House) Following the President’s Executive Order, New Reports Outline Recommendations to Protect Consumers, Investors, Businesses, Financial Stability, National
White House Releases ‘Comprehensive Framework’ for Crypto Regulation and Development (Decrypt) The White House’s recommendations are built on six months of wide-ranging research across the digital asset sector.
Justice Department Announces Report on Digital Assets and Launches Nationwide Network (US Department of Justice) The Department of Justice today announced significant actions regarding digital assets, including the public release of its report, pursuant to the President’s March 9 Executive Order on Ensuring Responsible Development of Digital Assets, on The Role of Law Enforcement in Detecting, Investigating, and Prosecuting Criminal Activity Related to Digital Assets; and the establishment of the nationwide Digital Asset Coordinator (DAC) Network, in furtherance of the department’s efforts to combat the growing threat posed by the illicit use of digital assets to the American public.
WSJ News Exclusive | Justice Department Forms National Network of Prosecutors Focused on Crypto Crime (Wall Street Journal) The new effort is part of a trend toward putting more resources to target illegal activities involving digital currencies.
Biden-Harris Administration Announces $1 Billion in Funding for First-Ever State and Local Cybersecurity Grant Program (US Department of Homeland Security) Today, the Department of Homeland Security (DHS) announced a first-of-its-kind cybersecurity grant program specifically for state, local, and territorial (SLT) governments across the country. This State and Local Cybersecurity Grant Program, made possible thanks to President Biden’s Bipartisan Infrastructure Law, provides $1 billion in funding to SLT partners over four years, with $185 million available for FY22, to support SLT efforts to address cyber risk to their information systems.
New Grant Program Is a Game-Changer for State and Local Governments (Palo Alto Networks Blog) State and Local Cybersecurity Grant Program (SLCGP) will provide a much needed boost for state and local governments to improve their cybersecurity posture.
[Letter to Senators Peters, Reed, Portman, and Inhofe on H.R. 7900, amendment 554] ([A coalition of 18 business and industry organizations]) Dear Chairman Peters, Chairman Reed, Ranking Member Portman, and Ranking Member Inhofe: Our associations have concerns with provisions of H.R. 7900, the National Defense Authorization Act for Fiscal Year 2023, added by amendment 554 that would require the Department of Homeland Security (DHS) to designate certain critical infrastructure as systemically important entities (SIEs). We question the amendment’s ability to advance U.S. cybersecurity beyond the status quo. Among other things, the amendment would create unnecessary programmatic redundancies and put aggregated industry cyber reports at an elevated risk of exploitation by America’s foreign adversaries.
Cybersecurity experts warn lack of urgency to warnings is greatest threat (Maryland Daily Record) A panel warns executives' lack of urgency in fixing vulnerabilities, lax data security and complacency about safety measures present threats to businesses.
Litigation, Investigation, and Law Enforcement
Pentagon opens sweeping review of clandestine psychological operations (Washington Post) Complaints about the U.S. military’s influence operations using Facebook and Twitter have raised concern in the White House and federal agencies.
At eBay, Lurid Crimes and the Search for Punishment (New York Times) The victims of a bizarre cyberstalking operation are trying to hold the chief executive and the culture of the company responsible.
Clearview AI, Used by Police to Find Criminals, Now in Public Defenders’ Hands (New York Times) After a Florida man was accused of vehicular homicide, his lawyer used Clearview AI’s facial recognition software to prove his innocence. But other defense lawyers say Clearview’s offer rings hollow.
Indonesia hunts for Bjorka, hacker selling 1.3b SIM card users' data, taunting officials (The Straits Times) The hacker also leaked a log of the President's correspondence and ministers' personal data.
Read more at straitstimes.com.
5th Circuit Rewrites A Century Of 1st Amendment Law To Argue Internet Companies Have No Right To Moderate (Techdirt) As far as I can tell, in the area the 5th Circuit appeals court has jurisdiction, websites no longer have any 1st Amendment editorial rights. That’s the result of what appears to me to be the…
TikTok Won’t Promise To Stop Transferring US Data To China: COO (NATION AND STATE) TikTok COO Vanessa Pappas refused to commit to stopping the transfer of US data to China
It Hurts More When Your Friends Spy on You (ClearanceJobs) A former State Department communications officer, was sentenced on this day in 1993, for his crime of espionage on behalf of Greece.
Anonymous hacker, who bragged about exploits on TikTok, says he was raided by Canadian police (CyberScoop) Aubrey Cottle, known for his ties to the hacktivist collective Anonymous, took responsibility for multiple hacks on his TikTok channel.
Unsealed docs in Facebook privacy suit offer glimpse of missing app audit (TechCrunch) The revelations provide a glimpse into the privacy-free zone Facebook was presiding over when a "sketchy" data company helped itself to millions of users' data.
Bitdefender, Europol, Swiss police publish decryptor for LockerGoga ransomware (The Record by Recorded Future) Bitdefender, Europol and Swiss prosecutors published a new decryptor for the LockerGoga ransomware on Friday.