Moscow and Kyiv: Ukraine's counteroffensive and its reverberations in cyberspace.
Ukraine at D+121: Ukraine's counteroffensive reports further progress. (CyberWire) Ukraine continues to advance in the Donetsk and Kherson regions. Russia continues to struggle with logistics and mobilization.
Russia-Ukraine war: List of key events, day 222 (Al Jazeera) As the Russia-Ukraine war enters its 222nd day, we take a look at the main developments.
Ukraine claws back more territory in southern Kherson region (AP NEWS) Ukrainian forces have broken through Moscow’s defenses in the strategic southern Kherson region, the Russian military acknowledged Monday, an achievement that delivers a sharp blow to one of the four areas in Ukraine that Russian President Vladimir Putin annexed last week.
Russia-Ukraine war: Kremlin unclear on which parts of Ukraine it is annexing as Zelenskiy says gains made in Kherson – live (the Guardian) Kremlin says borders of Russian-occupied southern Kherson and Zaporizhzhia regions not determined as Ukrainian forces liberate two settlements
Ukraine reclaims full control from Russia of logistics hub, asserts further gains (Reuters) The stinging setback for came after Vladimir Putin proclaimed the annexation of four regions covering nearly a fifth of Ukraine, an area that includes the key town of Lyman. Kyiv and the West have condemned the proclamation as an illegitimate farce.
Ukrainian Troops Hunt Demoralized Russian Stragglers in Seized City (New York Times) A major Russian newspaper said the Russian troops, facing defeat in Lyman, had fled with “empty eyes” after barely escaping with their lives.
Russian Army Suffering From 'Morale Collapse' In Ukraine, Already At 'Breaking Point': Ex-Security Adviser (International Business Times) Former National Security Adviser Lt. Gen. H.R. McMaster made the remarks following Ukraine's liberation of the city of Lyman.
Ukrainian advances raise prospect of liberating northern Donbas (The Telegraph) Ukrainians continue towards Svatove and Kreminna after taking full control of Lyman, recently annexed by Russia after a sham referendum
Ukraine live briefing: U.S., U.K. say Russia’s retreat from Lyman ‘significant,’ hurts its ability to resupply troops (Washington Post) Lyman, a key supply hub in eastern Ukraine, has been “fully cleared” of Russian forces, Ukrainian President Volodymyr Zelensky said Sunday, as Western countries cast the troops’ withdrawal as a strategic victory that could undermine Russia’s effort to control the Donetsk region. Donetsk is one of four Ukrainian regions that Russia claimed it annexed after staged referendums, in violation of international law and despite widespread global criticism. Russia, meanwhile, is looking ahead to next steps after Russian President Vladimir Putin announced the annexations.
Ukraine-Russia war live: Ukrainians break through Kherson front line (The Telegraph) Volodymyr Zelensky said that Ukraine's forces have liberated two small settlements in the southern Kherson region.
Ukraine troops say they take key town, Putin ally mulls possible nuclear response (Reuters) Ukrainian forces said they had taken the bastion of Lyman in occupied eastern Ukraine, a stinging defeat that prompted a close ally of Vladimir Putin to call for the possible use of low-grade nuclear weapons.
Three maps that explain Russia’s annexations and losses in Ukraine (Washington Post) Russian President Vladimir Putin announced on Friday Moscow’s annexation of four regions of Ukraine. The move, a violation of international law, was widely condemned by Western nations and followed staged referendums in Donetsk, Luhansk, Kherson and Zaporizhzhia — areas that constitute about 15 percent of Ukraine’s territory.
UK’s Radakin sees grinding duel, ‘skirmish opportunities’ in Ukraine (Defense News) Adm. Antony Radakin painted a rather static picture of the conflict’s trajectory that’s not conducive to quick wins.
Why Putin would be a fool to go nuclear in Ukraine (Telegraph) It would be a personally risky option for the Russian dictator
Ukraine presses on with counteroffensive; Russia uses drones (AP NEWS) KYIV, Ukraine (AP) — Russia attacked the Ukrainian president’s hometown and other targets Sunday with suicide drones, and Ukraine took back full control of a strategic eastern city in a counteroffensive that has reshaped the war.
Russia withdraws troops after Ukraine encircles key city (AP NEWS) After being encircled by Ukrainian forces, Russia pulled troops out Saturday from an eastern Ukrainian city that it had been using as a front-line hub. It was the latest victory for the Ukrainian counteroffensive that has humiliated and angered the Kremlin.
Russian troops withdrawing from Lyman, a day after annexation claims (Washington Post) Less than 24 hours after Russian President Vladimir Putin proudly proclaimed the illegal annexation of Ukraine’s Donetsk region, thousands of his troops appear to be withdrawing from a strategic town there under Ukrainian fire.
Zelenskyy to Russians: Get names tattooed so we can ID your corpses (Military Times) Ukrainian President Volodymyr Zelenskyy has generated no shortage of eye-catching headlines and propaganda.
Missile strike on civilian convoy kills 25 in Zaporizhzhia (Washington Post) A wave of suspected Russian missile strikes killed at least 25 Ukrainians on Thursday as they waited to deliver aid and to collect relatives from an area that Russian President Vladimir Putin moved to annex in violation of international law.
Russia’s Annexed Land Is a Crime Scene (Foreign Policy) Ukraine needs help documenting Russian atrocities.
Congress passes Ukraine nuclear security funding (Defense News) The $35 million in Ukraine nonproliferation aid comes amid Putin's threats to use nuclear weapons and shelling near the Zaporizhzhia power plant.
Putin overruled his top security service in prisoner swap with Ukraine (Washington Post) The prisoner swap between Russia and Ukraine in late September was approved by Russian President Vladimir Putin over the objections of his top security service, the FSB, which had concerns about a public backlash in Russia, according to senior Ukrainian and U.S. officials familiar with the matter.
Vladimir Putin is making rash and secretive decisions in face of defeats, Kremlin insiders warn (The Telegraph) Russian leader is accused of a ‘total lack of coordination’ and failing to consult his military chiefs as he faces major setbacks in Ukraine
Americans captured by Russia detail months of beatings, interrogation (Washington Post) In their first extensive interview since being freed, Alex Drueke and Andy Tai Huynh recount the physical and psychological abuse they endured over 104 days in captivity
Cauldron of war in Lyman puts Vladimir Putin’s annexation on thin ice (The Telegraph) The president insists the Ukrainian city will remain in Russian hands ‘forever’ despite defeat looming for his troops
Putin supporters are enraged by the Russian retreat from Lyman. (New York Times) The criticism of the Kremlin after Russia retreated from the key rail hub on Saturday came not just from pro-war commentators on social media, but from two senior allies of Mr. Putin.
Unleash nuclear weapons on Ukraine in wake of defeat in Lyman, Chechen warlord tells Putin (The Telegraph) Ramzan Kadyrov calls for an intensification of the war after Vladimir Putin suffers another humilitating defeat
Pentagon chief warns ‘no checks on Mr. Putin’ amid nuclear threats (The Hill) Defense Secretary Lloyd Austin on Sunday condemned Vladimir Putin’s annexation of four Ukrainian regions, warning there is no one to stop the Russian president from following through on his recent …
Nato backs Ukraine to retake annexed territory after Putin boasts its citizens are now his 'forever' (The Telegraph) Russian president offers peace talks after holding lavish celebrations to celebrate formal seizure of land through unilateral referendums
Putin threatens to increase attacks on Ukraine's civilian infrastructure (Atlantic Council) Vladimir Putin has threatened to destroy Ukrainian civilian infrastructure in a targeted campaign designed to crush the country's will to resist the ongoing Russian invasion.
Putin illegally claims annexation of Ukrainian regions, escalating war Image without a caption By Mary Ilyushina (Washington Post) Amid patriotic pageantry hyped up by the fervor of war, Russian President Vladimir Putin on Friday proclaimed the annexation of four Ukrainian regions, a flagrant violation of international law that stands to escalate and prolong the military conflict in Ukraine, sharpen Moscow’s confrontation with the West and add to the Kremlin’s growing global isolation.
‘It feels inevitable’: Ukraine starts to believe it can win back Crimea (the Guardian) Even as Russia lays claim to more of the country, confidence is growing that the former territory can be retaken
Pope warns of nuclear war risk; appeals to Putin on Ukraine (AP NEWS) Pope Francis on Sunday appealed to Russian President Vladimir Putin for a cease-fire, imploring him to “stop this spiral of violence and death” in Ukraine and denouncing the “absurd” risk of the “uncontrollable” consequences of nuclear attack as tensions sharply escalate over the war .
Red Square becomes concert arena as Putin annexes four Ukrainian regions (The Telegraph) Thousands of people gathered in Moscow’s Red Square on Friday to celebrate the annexation of four Ukrainian regions, waving flags and singing along to patriotic songs in the shadow of the Kremlin’s walls.
Putin denounces imperialism while annexing large swathes of Ukraine (Atlantic Council) Russian President Vladimir Putin has officially annexed four regions of Ukraine while denouncing Western imperialism and proclaiming Russia as the leader of a global "anti-colonialism movement."
Putin’s Roulette (Foreign Affairs) Sacrificing his core supporters in a race against defeat.
Opinion | The Age of Predatory Nuclear-Weapon States Has Arrived (POLITICO) Putin’s nuclear threat marks the start of a new era.
After Putin’s Land Grab, Zelensky Wants to Fast-Track NATO Membership (Foreign Policy) Ukraine likely won’t join NATO anytime soon, but it’s a big symbolic move in a war that’s increasingly going against the Kremlin.
Zelenskyy is pushing for fast-track NATO membership. Does Ukraine have a fighting chance to join the club? (Atlantic Council) Experts from our Transatlantic Security Initiative break down NATO's response to the Ukrainian president's surprise move.
We are entering a terrifying new phase of the Russo-Ukraine war (The Telegraph) The West will be Putin's target in the coming months
Russia has again tried to change Europe's borders by force. What’s next? (Atlantic Council) Our experts map out what to expect after Putin's latest major escalation.
EXPLAINER: How real are Putin's nuclear threats in Ukraine? (AP NEWS) Russian President Vladimir Putin warns that he won't hesitate to use nuclear weapons to ward off Ukraine's attempt to reclaim control of Moscow-occupied areas that the Kremlin is about to annex. While the West dismisses that as a scare tactic, a top Putin lieutenant upped the ante by boldly saying the U.S.
Probability of Russia using tactical nuclear weapons is ‘very high', says Ukraine intel chief as Putin raises the stakes (Fortune) Joe Biden said that the U.S. will “never, never, never” recognize Russia's attempt to annex regions of Ukraine.
Russia’s annexation puts world ‘two or three steps away’ from nuclear war (Washington Post) President Vladimir Putin’s declaration of the annexation of four regions in eastern and southern Ukraine signals the onset of a new and highly dangerous phase in the seven-month old war, one that Western officials and analysts fear could escalate to the use of nuclear weapons for the first time in 77 years.
Opinion Alexei Navalny: This is what a post-Putin Russia should look like (Washington Post) Russian opposition leader Alexei Navalny is serving a nine-year sentence in a maximum-security penal colony. This essay was conveyed to The Post by his legal team.
A conversation with Canadian Foreign Minister Mélanie Joly (Atlantic Council) What role does Canada play in continuing to aid Ukraine and maintaining Western pressure on Russia? What future challenges and opportunities does Ottawa see for Ukraine after its stunning counteroffensive against the Russian military?
The U.N. Security Council Doesn’t Need Reforming (World Politics Review) While calls for reforming the U.N. Security Council are understandable, they are not going to happen. Nor should they.
Russians dodging mobilization behind flourishing scam market (BleepingComputer) Ever since Russian president Vladimir Putin ordered partial mobilization after facing setbacks on the Ukrainian front, men in Russia and the state's conscript officers are playing a 'cat and mouse' game involving technology and cybercrime services.
Pro-Russian hackers temporarily take MI5 website offline with cyber attack (The Independent) Attack follows warning over targeting of Britain and other countries supporting Ukraine in escalating war
MI5 website briefly knocked offline by possible cyber attack (Evening Standard) No sensitive information was held on the website and no data was lost, it is understood
Cyberwar in Ukraine: What You See Is Not What’s Really There (Lawfare) Cyberwarfare during the Russian invasion of Ukraine has not played out as some expected—but it has an impact with some important long-term implications.
U.S. cybersecurity firm launches hiring spree in Ukraine (Axios) Recorded Future is planning to hire up to 100 employees in Ukraine before 2025.
Russia smuggling Ukrainian grain to help pay for Putin's war (AP NEWS) When the bulk cargo ship Laodicea docked in Lebanon last summer, Ukrainian diplomats said the vessel was carrying grain stolen by Russia and urged Lebanese officials to impound the ship.
Attacks, Threats, and Vulnerabilities
Chinese hacking group targeting US agencies and companies has surged its activity, analysis finds | CNN Politics (CNN) An elite Chinese hacking group with ties to operatives indicted by a US grand jury in 2020 has surged its activity this year, targeting sensitive data held by companies and government agencies in the US and dozens of other countries, according to an expert at consulting giant PricewaterhouseCoopers.
Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium (WeLiveSecurity) ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers.
Lazarus & BYOVD: evil to the Windows core (Virus Bulletin) VB2022 paper: Lazarus & BYOVD: evil to the Windows core
Lazarus hackers abuse Dell driver bug using new FudModule rootkit (BleepingComputer) The notorious North Korean hacking group 'Lazarus' was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack.
Mexican government suffers major data hack, president's health issues revealed (Reuters) The Mexican government said on Friday it had suffered a major cyber hack of data held by the armed forces, including details about President Andres Manuel Lopez Obrador's heart condition that led to his hospitalization in January.
Mexican president confirms ‘Guacamaya’ hack targeting regional militaries (The Record by Recorded Future) Mexico's president confirmed a widely reported cyberattack that leaked sensitive documents from militaries across Central and South America.
Analysis: Mexico data hack exposes government cybersecurity vulnerability (Reuters) A major hack into classified government information in Mexico, including thousands of emails from the armed forces, exposed the country's vulnerability to cyberattacks due to under-investment and poor technological preparedness, experts said on Friday.
Suspected Chinese hackers tampered with widely used customer chat program, researchers say (Reuters) Suspected Chinese hackers tampered with widely used software distributed by a small Canadian customer service company, another example of a "supply chain compromise" made infamous by the hack on U.S. networking company SolarWinds.
Report: Commercial chat provider hijacked to spread malware in supply chain attack (The Record by Recorded Future) Attackers hijacked the installer of a popular commercial chat provider to spread malware, according to a report published Friday by cybersecurity firm Crowdstrike.
CrowdStrike Falcon Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer (crowdstrike.com) The CrowdStrike threat teams have confirmed a recent supply chain attack delivering malware via a trojanized installer for the Comm100 Live Chat application.
Israeli spyware said used to hack senior Indonesian officials last year (Times of Israel) Report says NSO Group's ForcedEntry software was used to target more than a dozen government and military officials in Indonesia; NSO denies any involvement
Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server (CISA) Microsoft has released Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server. According to the blog post, “Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems.” The two vulnerabilities are CVE-2022-41040 and CVE-2022-41082, affecting on-premises Microsoft Exchange Server 2013, 2016, and 2019. Note: Microsoft Exchange Online is not affected.
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server (Microsoft Security Response Center) Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. The first one, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, and the second one, identified as CVE-2022-41082, allows Remote Code Execution (RCE) when PowerShell is accessible to the attacker.
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server (GTSC) Circa the beginning of August 2022, while doing security monitoring & incident response services, GTSC SOC team discovered that a critical infrastructure was being attacked, specifically to their Microsoft Exchange application.
URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different” (Naked Security) Double-play 0-day in Exchange – what you need to know, and what you can do
Microsoft confirms two Exchange Server zero days are being used in cyberattacks (The Record by Recorded Future) Microsoft confirms it is aware of “limited targeted attacks” using vulnerabilities.
Microsoft confirms new Exchange zero-days are used in attacks (BleepingComputer) Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild.
Two Microsoft Exchange zero-days exploited in the wild. (CyberWre) Microsoft warned late Friday, with updates over the weekend, that two zero-days were being used to exploit Microsoft Exchange Server in the wild. CISA has added the two issues to its Known Exploited Vulnerabilities Catalog.
Gaming firms become lucrative hunting grounds for cybercriminals (mint) As users add their personal data to gaming accounts, hackers are turning to these to steal information
Hurricane-Related Scams (CISA) CISA warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events.
CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA) CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
CISA: Hackers exploit critical Bitbucket Server flaw in attacks (BleepingComputer) The Cybersecurity and Infrastructure Security Agency (CISA) has added three more security flaws to its list of bugs exploited in attacks, including a Bitbucket Server RCE and two Microsoft Exchange zero-days.
Okta 'Breaches' Weren't Really Breaches (eSecurityPlanet) Two major Okta 'breaches' this year weren't really breaches. The technology worked as it was supposed to - it was users who failed.
What will determine Optus’ future after cyber attack (Townsville Bulletin) Optus is staring down the barrel of an eye-watering bill and years of damage after a major cyber attack. One thing will determine if the telco makes it through the storm.
Spyware found hidden in Microsoft logo using stenography (Register) Now that's sticker shock
BlackCat said they breached US Department of Defense contractor and went offline (Cybernews) The ransomware gang first said they would leak NJVCs data every 12 hours but later dropped the victim from its list.
BlackCat malware lashes out at US defense IT contractor (Register) Also, Amazon's Ring footage TV shows draws criticism, US v Soviet spying docs found, and more
BlackCat ransomware gang claims to have hacked US defense contractor NJVC (Security Affairs) Another US defense contractor suffered a data breach, the BlackCat ransomware gang claims to have hacked NJVC. The ALPHV/BlackCat ransomware gang claims to have breached the IT firm NJVC, which supports the federal government and the United States Department of Defense. The company supports intelligence, defense, and geospatial organizations. The company has more than 1,200 employees in locations worldwide. BlackCat added NJVC to […]
Hackers gain access to personal data of over 290,000 hotel guests in Hong Kong (South China Morning Post) Office of the Privacy Commissioner for Personal Data also hits out at Shangri-la Group for waiting several months to tell customers about the incident.
Vice Society raises ransomware pressure on Los Angeles school district (Cybersecurity Dive) The ransomware group, which has hit at least eight school systems this year, threatened to publish stolen data from the district next Monday.
Hackers Release Data Stolen From Los Angeles Schools in Ransomware Attack (Wall Street Journal) The Los Angeles Unified School District didn’t name the group suspected in the ransomware attack that nearly shut down the district’s online systems ahead of the first day of school on Sept. 6.
Hackers release LAUSD data after ransom denied (FOX 7 Austin) The group claiming responsibility for the cyberattack had set a Monday deadline for the district to pay a ransom to the organization.
Ransomware gang leaks data stolen from LAUSD school system (BleepingComputer) The Vice Society Ransomware gang published data and documents Sunday morning that were stolen from the Los Angeles Unified School District during a cyberattack earlier this month.
Security Patches, Mitigations, and Software Updates
Cisco Releases Security Updates for Multiple Products (CISA) Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the advisories and apply the necessary updates.
Mozilla Releases Security Update for Thunderbird (CISA) Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisory for Thunderbird 102.3.1 and make the necessary update.
Drupal Releases Security Update (CISA) Drupal has released a security update to address a vulnerability affecting multiple versions of Drupal. An attacker could exploit this vulnerability to access sensitive information. For advisories addressing lower severity vulnerabilities, see Drupal’s Security advisories. CISA encourages users and administrators to review Drupal’s security advisory SA-CORE-2022-016 and apply the necessary update.
Trends
REPORT. 2022 Sysdig Cloud-Native Threat Report (Sysdig) Cryptojacking: low risk, high reward for cloud attackers
How cyber governance and disclosures are closing the gaps in 2022 (The Harvard Law School Forum on Corporate Governance) Cybersecurity is reaching an inflection point. Risks are growing and broader regulations are looming. Some companies are keeping pace, but others are ...
Cybercriminals continue to chase SEA’s remote workers (Manila Standard) As hybrid and remote work continue to be the norm in Southeast Asia (SEA), Kaspersky has foiled here over 47M
How cyber governance and disclosures are closing the gaps in 2022 (The Harvard Law School Forum on Corporate Governance) Cybersecurity is reaching an inflection point. Risks are growing and broader regulations are looming. Some companies are keeping pace, but others are ...
Marketplace
What's Going on With Cybersecurity VC Investments? (SecurityWeek) A discussion on the state of cybersecurity investments, venture capital strategies in a confusing economic climate, predictions on hot and not-so-hot product categories, and what happens with all those cybersecurity unicorns.
Kocho acquires Mobliciti, adding strategic mobile management and security capabilities to its growing service portfolio (Business Wire) Kocho, UK-based provider of cyber security, identity, cloud transformation and managed services, today announced that it has acquired Surrey-headquart
Microsoft invests in massive seed round for former CheckPoint employees’ new startup (Geektime) The Ox Security startup was only founded this year but has already raised $34 million to prevent supply chain attacks
ISC2 Recruits More Than 55000 Cybersecurity Candidates in First 30 Days of New Programs (ISC2) 2,700 cybersecurity career pursuers have already passed the (ISC)² Certified in Cybersecurity℠ exam, with more than 53,000 more people registered for a free course and exam
Singtel assesses potential cost of Optus Australian data breach (Reuters) Singapore Telecommunications said on Monday it was assessing the potential cost of a massive cybersecurity breach at its Optus arm, Australia's second-largest telco, 12 days ago.
Singtel says media reports on potential hefty costs from Optus cyber attack 'speculative' (The Straits Times) It adds that while no legal notice of a class action has been received, lawyers have been engaged to advise.
Read more at straitstimes.com.
SingTel Engages Lawyers After Major Data Theft at Australia Unit (Bloomberg.com) Singapore Telecommunications Ltd. is engaging lawyers after a major data breach at its Australian unit Optus, even though the company has yet to receive any legal notice of a class action lawsuit.
Scottish Cyber Awards 2022 | Meet the Finalists (Digit) The 2022 Scottish Cyber Awards - now in its sixth year - will take place at the Sheraton Grand Hotel in Edinburgh on November 24th.
IGI Announces Commitment to Growing Global Cybersecurity Success by Becoming a Cybersecurity Awareness Month 2022 Champion (Accesswire) Building on its annual success, Cybersecurity Awareness Month 2022 is set to highlight the growing importance and accessibility of cybersecurity and look to empower individuals and businesses to take the necessary steps toward being cybersecure PITTSFORD, NY / ACCESSWIRE / October 3, 2022 / Infinite Group, Inc. (IGI) (OTCQB:IMCI) today announced that it has signed on as Champion for Cybersecurity Awareness Month 2022. Founded in 2004,
Products, Services, and Solutions
Infosec products of the month: September 2022 (Help Net Security) The featured infosec products this month are from: 42Crunch, Avetta, Cloudflare, Code42, Commvault, D3 Security, Illumio, and more.
IronNet releases IronRadar to proactively block adversary infrastructure (Help Net Security) IronNet has released IronRadarSM, designed to update customers’ cybersecurity tools with malicious indicators for adversary infrastructure.
ESET unveils new cloud and XDR solutions to improve cybersecurity for MSPs (Help Net Security) ESET has launched new cloud and XDR solutions for Managed Service Providers (MSPs) and ESET Direct Endpoint Management plugin for Kaseya VSA.
LogRhythm Introduces Groundbreaking, Cloud-Native Security Operations Platform (LogRhythm) Unlike other providers, Axon is a brand-new cloud-native platform— built from the ground up and incorporating years of cybersecurity experience.
Technologies, Techniques, and Standards
Cybersecurity Awareness Month 2022 (Identity Defined Security Alliance) During Cybersecurity Awareness Month, we aim to educate consumers, business leaders and IT decision makers on the dangers of not properly securing identities and access credentials.
Cybersecurity Awareness Month: 4 Ways to Participate (MarketScreener) We live in a world of modern digital companies and users have never had so much freedom. We can build anything with cloud apps and services. We can work from anywhere. Learn from... | October 1, 2022
Nation-Backed Cyberattacks Escalate Push to Bolster Data Shields (Bloomberg Law) A string of recent state-sponsored cyberattacks has US government agencies stepping up their cybersecurity protocols and advisement, creating pressure for private-sector companies to shore up their defenses or risk potentially devastating hacks.
Algorithmic Warfare: Zero Trust Architecture Rises Across Industries (National Defense) Government agencies and businesses around the world are moving rapidly to adopt the cybersecurity practice zero trust, a change from just a few years ago, according to a new report.
Design and Innovation
SCA has led to fall in online card fraud - Barclaycard (Finextra Research) 200 days on from the mandatory introduction of Strong Customer Authentication (SCA) in the UK, 73% of retailers have seen online payment fraud decline, according to data from Barclaycard Payments.
Research and Development
Mitre expands R&D in Hawaii as US focus on Indo-Pacific intensifies (C4ISRNet) The site will develop “whole-of-nation” technology collaborations in cybersecurity, transportation, healthcare, veterans services and law enforcement.
Dutch PhD project aims to automate discovery and deciphering of steganography (ComputerWeekly.com) Meike Kombrink, a PhD student in the Netherlands, is focused on detecting hidden messages on the internet.
Academia
Penn State researchers pursue solutions to cybersecurity, energy challenges in smart devices (Centre Daily) A team of Penn State researchers led by Saptarshi Das, associate professor of engineering science and mechanics at the Penn State School of Electrical Engineering and Computer Science, has developed a smart chip to enhance security while conserving energy in personal smart devices.
Legislation, Policy, and Regulation
The EU wants to put companies on the hook for harmful AI (MIT Technology Review) A new bill will allow consumers to sue companies for damages—if they can prove that a company’s AI harmed them.
How Well Is the EU Regulating the Digital Space? (BRINK – Conversations and Insights on Global Business) The EU is increasingly intervening in digital platforms to reduce social inequity and preserve privacy. But how well is the EU keeping pace with new tech?
Schumer urges feds to share more info of recent data breaches | amNewYork (amNewYork) New York Senator Chuck Schumer is calling on the federal government to release more information about recent data breaches.
Schumer calls on feds to give victims more info on hacks, data breaches (New York Post) The New York Democrat called on the feds to step up oversight and investigation into the data breaches under the Cyber Incident Reporting Act, which was signed into law in March.
Biden cybersecurity chief in Seattle to push ‘cyber storytelling’ (Seattle Times) Jen Easterly hopes to change your dinner table conversation.
Litigation, Investigation, and Law Enforcement
AFP launches Operation Guardian to protect victims of Optus hack (CyberSecurity Connect) Optus data breach: federal police launch ‘Operation Guardian’ to protect identity of 10,000 victimsOptus has agreed to repay the cost of replacement passports for those affected by the huge data b
Australian government slams Optus for cybersecurity breach (Reuters) The Australian government on Sunday levelled its harshest criticism yet against Optus, the second-biggest telecoms company, for a cybersecurity breach that affected the equivalent of 40% of the country's population.
Optus data breach: federal police launch ‘Operation Guardian’ to protect identity of 10,000 victims (the Guardian) AFP assistant commissioner Justine Gough said force wanted to ‘supercharge’ protection from identity crime and financial fraud
This data leak was so bad, the government is stepping up to help (Android Police) Think you have it bad with all the T-Mobile data breaches? This one's dead serious:
‘An email is not going to cut it’: Optus lashed for lack of detail after cyber attack (7NEWS) Tens of thousands of Medicare numbers were leaked - but the government says the telco giant is holding back on a crucial piece of information.
German police identified a gang that stole €4 million via phishing attacks (Security Affairs) German police arrested one individual suspected of having stolen €4 million from users via large-scale phishing campaigns. Germany’s Bundeskriminalamt (BKA) arrested an individual (24) suspected of having stolen €4,000,000 from internet users via phishing attacks along with a two accomplices who are suspected. The phishing campaigns were conducted between October 3, 2020, and May 29, […]
DuPage Medical Group data breach $3M class action settlement (Top Class Actions) DuPage Medical agreed to pay $3 million to resolve claims it failed to protect patient information in a 2021 data breach.
Kim Kardashian Paying $1.26 Million to Settle SEC Investigation Into Role in Crypto Deal (Wall Street Journal) The entrepreneur and reality TV star failed to disclose compensation received for promoting EMAX tokens, the SEC said.