Dateline
Russia-Ukraine war live: Kremlin defends retreat from occupied regions as Ukraine recaptures ‘dozens’ of towns (the Guardian) Moscow says occupied Ukrainian regions ‘will be with Russia forever’ as Ukrainian forces continue rapid advance
Ukraine Reports Advances in Its Southern Counteroffensive (New York Times) While Kyiv’s army is gaining momentum on the battlefield in the east and south, much of the land it has recaptured has been razed and abandoned. Russia’s new recruits remain largely in the wings.
Ukraine’s counteroffensive explained in maps (Al Jazeera) Ukraine says it has recaptured 8,000 square kilometres (3,090 square miles) of territory from Russian forces this month.
Ukraine hammers Russian forces into retreat on east and south fronts (Washington Post) Ukrainian troops on Tuesday accelerated their military advances on two fronts, pushing Russian forces into retreat in the Donetsk and Luhansk regions to the east and in the Kherson region to the south.
Ukraine Expels Some Russian Troops in South, Expanding Campaign (New York Times) Moscow’s retreat has pulled back the curtain on a panorama of ruined towns and empty villages left in its wake.
Russian army maps show major retreats in Ukraine’s Kherson region (Al Jazeera) Russian defence ministry maps show rapid pullbacks in key Kherson region amid Ukraine army’s counteroffensive.
Ukraine Presses Forward on Two Fronts as Horrors of War Linger (New York Times) A reclaimed village provides a glimpse of the toll of a sweeping counteroffensive in the east. Kremlin-installed officials said they had also lost ground in the south, as Moscow acknowledged that the borders of the territory it has illegally annexed were in flux.
Ukraine frees thousands of people from occupation as Russian front line collapses (The Telegraph) Kremlin forced to retreat after troops break through its southern lines in lightning advance
Ukraine: at least 18 people working for occupiers targeted in attacks (the Guardian) Attacks reportedly carried out by Ukrainian partisans as Kyiv pledges ‘intensification of special saboteur operations’
Russia Touts Rapid Mobilization but Faces Dilemma as Ukrainians Advance (Wall Street Journal) Moscow could rush in ill-prepared troops now or wait to send better-trained ones next year and risk further Ukrainian gains, Western military analysts say.
More Russians Flee Than Join Putin’s Army After Call-Up for War (Bloomberg) Far more Russians have fled abroad than have enlisted in the military since President Vladimir Putin announced a mobilization to bolster his faltering invasion of Ukraine.
I’m a hostage of Vladimir Putin’s war, says Russian soldier rushed to the front line (The Telegraph) Anatoly, not his real name, reveals to The Telegraph the chaos behind Moscow’s efforts to frantically draft men into battle
Russians Fleeing the Draft Find an Unlikely Haven (New York Times) Tens of thousands of men have ended up in places like Kyrgyzstan, a former Soviet territory, that normally see few refugees but are willing to take them.
Central Asia Faces a Russian Migrant Crisis (Foreign Policy) As men flee Putin’s draft, Russia’s neighbors struggle to cope.
Mobilization Can’t Save Russia’s War (Foreign Policy) Russian troops are being trained to be cannon fodder.
Ukraine considering restarting Zaporizhzhia nuclear plant (Axios) The move could come nearly a month after nuclear power operator Energoatom shut down the plant.
Ukraine nuclear workers recount abuse, threats from Russians (AP NEWS) Alone in his apartment in the Russian-occupied city of Enerhodar in southeastern Ukraine, nuclear plant security guard Serhiy Shvets looked out his kitchen window in late May and saw gunmen approaching on the street below.
Ukraine Latest: Kyiv Pursues Assaults, EU Mulls Russia Sanctions (Bloomberg) The war in Ukraine will probably be over in months, rather than years, Mykhailo Podolyak, an adviser to Ukrainian President Volodymyr Zelenskiy’s chief of staff, said in an interview.
Uncovered: Box of gold teeth pulled from Ukrainians at Russian torture chamber (The Telegraph) Prisoners were reportedly buried alive in the liberated eastern Kharkiv region
Is Russia preparing to target vital Norwegian energy exports to Europe? (Atlantic Council) Recent drone activity close to Norwegian energy infrastructure has sparked calls for urgent security measures to prevent potential Russian sabotage of vital oil and gas exports to Europe in the coming months.
Drone-loaded seabed ship is latest weapon in Royal Navy's arsenal to counter Russian threat (The Telegraph) Modified vessel signed off immediately after Ben Wallace said he 'needed it now'
Opinion Undersea pipeline sabotage demands the West prepare for more attacks (Washington Post) Evidence continues to accumulate regarding underwater explosions that blew huge holes in two Russia-to-Germany natural gas pipelines on Sept. 27, and the circumstances all point to what a official NATO statement called “deliberate” sabotage. Sweden and Denmark have officially informed the U.N. Security Council that there were “at least two detonations” using “several hundred kilos” of explosives.
US announces new $625M security package for Ukraine (AP NEWS) The U.S. announced plans on Tuesday to provide an additional $625 million in military aid to Ukraine, a package that includes additional advanced rocket systems credited with helping the country’s military gain momentum in its war with Russia.
Ukraine-Russia war latest - US to send four more Himars to Zelensky (The Telegraph) The US is expected to send four High Mobility Artillery Rocket System (Himars) to Ukraine as part of a $625 million aid package.
Russia-Ukraine war latest: New US Himars boost risk of 'military clash' with West, warns Kremlin (The Telegraph) The liberation of the eastern Luhansk region has begun after Ukraine claimed to have recaptured several settlements.
Just How Long Should the US Send Aid to Ukraine? (Defense One) History can help us understand whether Kyiv’s situation better resembles Afghanistan or Colombia.
Putin signs annexation of Ukrainian regions as losses mount (AP NEWS) Russian President Vladimir Putin signed laws that claimed four regions of Ukraine as Russia's territory while his country's military struggled Wednesday to control the illegally annexed areas.
Thinking About the Unthinkable in Ukraine (Foreign Affairs) What happens if Putin goes nuclear?
Why Russia could use nuclear weapons in Ukraine (The Spectator World) Here is one fact about the war between Ukraine and Russia: the longer it goes on, the more advanced Western arms will flow to Kyiv
It is time to call Putin's bluff (The Telegraph) The West must make it clear that any use of nuclear, chemical or biological weapons is a red line issue
Opinion | Nuclear Annihilation Is a Threat Again (New York Times) The Cuban missile crisis has been viewed as the defining confrontation of the modern age. The war in Ukraine presents perils of at least equal magnitude.
European unity is essential as Putin prepares to weaponize winter (Atlantic Council) European unity will be vital in the coming months as Russia attempts to weaponize winter in order to convince EU leaders to abandon their support for Ukraine and end their opposition to Vladimir Putin's ongoing invasion.
The Downside of Imperial Collapse (Foreign Affairs) When empires or great powers fall, chaos and war rise.
‘Putin’s Chef’ Steps Out of the Shadows (Foreign Policy) Yevgeny Prigozhin wants to ride the Wagner Group to greater glory.
Ukraine Hasn’t Won the Cyber War Against Russia Yet (World Politics Review) While Russia’s cyber attacks against Ukraine so far haven’t met initial expectations, it’s too early to say Ukraine has won the “cyber war.”
USCYBERCOM Executive Director David Frederick Outlines Cyber Threats & Highlights Importance of Industry Partnerships (GovCon Wire) Looking for the latest GovCon News? Check out our story: USCYBERCOM Executive Director David Frederick Outlines Cyber Threats. Click to read more!
Ferrari suffer cyberattack after ditching Russian sponsor | thejudge13 (thejudge13) Formula One enjoyed a second mini summer break following the cancelation of the 2022 Russian GP. In the two weeks before the Singapore race the F1 was circus was scheduled to return to Sochi, Russi…
Data of 16M clients of Russian retail chain DNS leaked (Cybernews) DNS acknowledged the breach after hackers shared the details of the company’s customers and employees on a popular hacker forum.
Nvidia Closing Offices in Russia, Ceasing All Activities There (Wall Street Journal) The chip maker says it can no longer operate effectively in the country due to recent events related to the invasion in Ukraine.
Elon Musk is acting like Putin’s useful idiot (The Telegraph) Siren voices in the West are wrong to think that peace is possible without Russia leaving Ukraine
Attacks, Threats, and Vulnerabilities
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization (CISA) Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity: • Enforce multifactor authentication (MFA) on all user accounts. • Implement network segmentation to separate network segments based on role and functionality. • Update software, including operating systems, applications, and firmware, on network assets. • Audit account usage.
CISA: Multiple government hacking groups had ‘long-term’ access to defense company (The Record by Recorded Future) Several U.S. agencies said it is likely that multiple government hacking groups had “long-term” access to the network of a defense company.
US Govt: Hackers stole data from US defense org using new malware (BleepingComputer) The U.S. Government today released an alert about state-backed hackers using a custom CovalentStealer malware and the Impacket framework to steal sensitive data from a U.S. organization in the Defense Industrial Base (DIB) sector.
'Poisoned' Tor Browser tracks Chinese users' online history, location (CyberScoop) Attackers modified the popular anonymity-enabling Tor browser to track users in China and record browsing history, researchers said.
Threat actors use YouTube to distribute ‘poisoned’ Tor browser installer (SC Media) Kaspersky researchers noticed a rather clever way threat actors are deceiving users in China into downloading a malicious Tor browser installer that can be used to track the history and location of its victims.
Malicious Tor Browser Installers Spread Via Darknet Video on YouTube (Infosecurity Magazine) The malicious variant distributed spyware to collect personal data and send it to the hacker
Mexican Army targeted by hacking organization in historic cyber-attack (Aztec Reports) Mexico’s Ministry of National Defense (SEDENA) was hit by a historical cyber-attack resulting in 6 terabytes of stolen information, the Mexican government confirmed on September 30th.
Tiranë: Vulnerable to Cyber Attacks (Exit - Explaining Albania) Six years ago, at the Warsaw Summit, NATO Heads of State defined cyberspace as an operational dimension of NATO, land, sea and outer space. This conclusion was reached after previous agreements on the virtual environment and collective defence. As a NATO member country, Albania was involved in drafting national cyber defence policies, among them the
Side-Loading OneDrive for profit – Cryptojacking campaign detected in the wild (Bitdefender Labs) Cryptojackers have become very lucrative for cybercriminals in recent years as
the price of cryptocurrency soared.
Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub (BleepingComputer) Scammers are impersonating security researchers to sell fake proof-of-concept ProxyNotShell exploits for newly discovered Microsoft Exchange zero-day vulnerabilities.
Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse (Sophos News) A fresh exploration of the malware uncovers a new tactic for bypassing security products by abusing a known driver vulnerability
Conti Ransomware: The History Behind One of the World’s Most Aggressive RaaS Groups (Flashpoint) Conti ransomware has become one of the most infamous in the ransomware space. Recent developments have called into question the future of the group, prompting a look back on how they came to be.
OpenText Security Solutions Announces Nastiest Malware of 2022 (OpenText) Analysis Reveals the Emergence of Triple Extortion and a Possible End to the Hacker Holiday
Activision Blizzard’s Overwatch 2 Hit With Cyberattack at Launch (Bloomberg) Players complained of connectivity issues before attack. Overwatch 2 expected to be a boost in otherwise slow year.
Australian defence officials caught up in cyberattack at Singapore hotel (Breaking Australian and World News Headlines - 9News) Hackers targeted the Singapore hotel that Defence Minister Richard Marles and senior officials were staying...
Securing Developer Tools: A New Supply Chain Attack on PHP (SonarSource) What is your worst supply chain nightmare and why is it somebody that could take over all the PHP packages at once? Let's deep dive into how we could demonstrate it!
Australia's Telstra hit by data breach, two weeks after attack on Optus (Reuters) Australia's largest telecoms firm Telstra Corp Ltd said on Tuesday it had suffered what it called a small data breach, a disclosure that comes two weeks after its main rival Optus was left reeling by a massive cyberattack.
Optus Confirms Hack Exposed Data of Nearly 2.1 Million Australians (Infosecurity Magazine) The company confirmed it has employed Deloitte to lead a forensic review of the cyber-attack
CommonSpirit Health reported an IT security incident affecting facilities in multiple regions (Fierce Heathcare) CommonSpirit Health is managing an IT security incident affecting some of its facilities in multiple regions, the company said in a statement to Fierce Healthcare.
Election workers need to be protected and, sometimes, protected against (Washington Post) Death threats, stray flash drives are among the security risks involving election workers
Security Patches, Mitigations, and Software Updates
Johnson Controls Metasys ADX Server (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: Metasys ADX (Extended Application and Data Server) Server running MVE (Metasys for Validated Environments) Vulnerability: Improper Authentication 2.
Hitachi Energy Modular Switchgear Monitoring (MSM) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.0 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: Modular Switchgear Monitoring (MSM) Vulnerabilities: Cross-Site Request Forgery (CSRF), HTTP Response Splitting 2.
Horner Automation Cscape (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Horner Automation Equipment: Cscape Vulnerabilities: Out-of-bounds Write, Access of Uninitialized Pointer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow local attackers to execute arbitrary code.
OMRON CX-Programmer (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Omron Equipment: CX-Programmer Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device or may allow arbitrary code execution.
BD Totalys MultiProcessor (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Totalys MultiProcessor Vulnerability: Use of Hard-coded Credentials 2.
Trends
Rise in Cyberattacks Stretches and Stresses Defenders (Wall Street Journal) Cybersecurity specialists who respond to hacks say they are stretched thin as ransomware and other attacks proliferate, often working on multiple cases at once while trying to avoid burnout.
New IDology Research Reveals 60% of Consumers Don't Believe Companies Do Enough To Protect Their Data as Demand for Security Grows (PR Newswire) IDology, a GBG company, today released its Fifth Annual Consumer Digital Identity Study, providing valuable insights into consumer expectations...
Fifth Annual Consumer Digital Identity Study (IDology) Fifth Annual Consumer Digital Identity Study provides an inside look at what consumers want from the modern digital experience.
New Research for BlackBerry Reveals Organizations in All Sectors Lack Tools and Teams to Address Cybersecurity Threats (BlackBerry) BlackBerry Limited (NYSE: BB; TSX: BB) today published new research highlighting the challenges organizations in all major sectors face in maintaining and improving their overall cybersecurity posture.
New Report from Proofpoint and Cybersecurity at MIT Sloan Reveals Almost Half of Board Members Globally Feel Unprepared for a Cyber Attack... (Proofpoint) Proofpoint, Inc., a leading cybersecurity and compliance company, and Cybersecurity at MIT Sloan (CAMS), an interdisciplinary research consortium, today released their Cybersecurity: The 2022 Board Perspective report, which explores board of directors’ perceptions about their key challenges and risks.
Nexusguard Research Shows Total Number of DDoS Attacks Increased during First Half of 2022 While Maximum Attack Size Decreased Compared to Second Half of 2021 (Business Wire) In the first half of 2022, the amount of DDoS (distributed denial of service) attacks increased by 75.6% compared to the second half of 2021, accordin
Cybersecurity: The 2022 Board Perspective Report (Proofpoint) As cyber attacks become increasingly sophisticated and impact organizations of all sizes, the board-CISO relationship has never been more important. To protect people and data and ensure continued organizational success, CISOs must communicate effectively with their boards, put threats in perspective, foster collaboration, and drive accountability.
Exposed Cloud Data is a $28 Million Cyber Risk for the Average Company (Varonis) “The Great SaaS Data Exposure” report from Varonis analyzes SaaS risk at hundreds of companies, shedding light on the tension between productivity and security
Keeper Security: 2022 Cybersecurity Census Report Reveals Lack of Preparedness Against Rising Cyberattacks Amongst UK Businesses (Business Wire) Cyberattacks are hammering businesses of all sizes and sectors across the UK, with just a fraction of those prepared to defend against them, according
Darktrace: 85 per cent of high-risk vulnerabilities unpatched after a week (Computing) Computing is the leading information resource for UK technology decision makers, providing the latest market news and hard-hitting opinion.
Should we take comfort in knowing that threat actors are finding ways to bypass MFA? (SC Media) One security researcher says the fact the Secureworks study found that threat actors are bypassing MFA may show that more organizations are deploying authentication technology.
Marketplace
NetSPI Raises $410 Million in Growth Funding from KKR (PR Newswire) NetSPI, a leader in enterprise penetration testing and attack surface management, today announced that global investment firm KKR is increasing...
SandboxAQ Invests in Qunnect as part of its Strategic Investment Program (PR Newswire) SandboxAQ, an enterprise SaaS company delivering the combined impact of AI and Quantum technology (AQ), and Qunnect, a quantum networking...
Elon Musk Offers to Buy Twitter for Original Deal Price: Latest News Updates (Wall Street Journal) The Tesla chief executive has offered to close his $44 billion deal to buy Twitter on the terms he originally agreed to, according to a person familiar with the matter.
Musk Could Own Twitter Next Week: What Happens Next (The Information) Elon Musk has spent months criticizing Twitter for everything from its management to its prevalence of phony users. Now he needs to figure out how to fix its business as advertiser spending evaporates. Musk’s decision to reverse course and offer to complete his $44 billion purchase of Twitter ...
Optus engaging lawyers 'not a good look' (7News) Optus has been told to focus on helping customers who had their personal details leaked rather than briefing lawyers ahead of a potential class action.Assistant Treasurer Stephen Jones labelled Optus parent company Singtel engaging lawyers "unfortunate" said it was making a bad situation worse.
Shadowserver Alliance Launch (Shadowserver) The Shadowserver Foundation today launched its new Alliance to Continue to Build a Safer, More Secure Internet. The new Shadowserver Alliance partner program will accelerate growth and scale up delivery of no cost cybersecurity and cyber threat intelligence services to internet defender organizations and law enforcement.
KnowBe4 Launches Cybersecurity Awareness Month University Challenge (PR Newswire) KnowBe4, the provider of the world's largest security awareness training platform, today announced it is spearheading an initiative among UK...
Jumio Wins Double Gold in the 10th Annual 2022 CEO World Awards® (Business Wire) Jumio, the leading provider of orchestrated end-to-end identity proofing, eKYC and AML solutions, today announced that it was named a gold winner for
ArentFox Schiff Adds Experienced Privacy, Data Security, and FTC Defense Partner D. Reed Freeman Jr. in DC | ArentFox Schiff (ArentFox Schiff) ArentFox Schiff is pleased to welcome Partner D. Reed Freeman Jr. to the firm’s Trademark and Copyright practices in Washington, DC. With nearly 30 years of experience in privacy, data security, and Federal Trade Commission defense, Reed brings a deep understanding of the law.
Products, Services, and Solutions
Dynatrace Launches Grail for Boundless Observability, Security, and Business Analytics (Dynatrace news) Dynatrace announced today the launch of its Grail™ core technology within the Dynatrace® Software Intelligence Platform.
Synopsys Expands Code Sight Standard Edition with IntelliJ Support (Synopsys) Standalone IDE plugin enables developers to detect security vulnerabilities in source code and open source dependencies MOUNTAIN VIEW, Calif., Oct. 4, 2022 /PRNewswire/ -- Synopsys, Inc. (Nasdaq:...
Omada Positioned as a Leader in Omdia Market Radar for Identity Governance and Administration (PR Newswire) Omada A/S ("Omada"), a global leader of Identity Governance and Administration (IGA), today announced its position as a Leader in the Omdia...
Veristor Partners with Randori, an IBM Company, to Reduce Attack Surface Risk (Veristor) Partners Work to Help Mutual Customers Better Secure their Environments from Real World Security Threats ATLANTA and WALTHAM, Mass. – October 4, 2022 – Veristor Systems, Inc., a trusted provider of transformative business technology solutions, and Randori, an IBM Company and a leader in Attack Surface Management, today announced they have partnered to help customers
Rubrik Joins Microsoft Intelligent Security Association; Announces Integration with Microsoft Sentinel to Deliver Multi-Cloud Data Security (AP NEWS) Press release content from Globe Newswire. The AP news staff was not involved in its creation.
SlashNext Extends Award Winning Mobile Security to Personal BYOD & Home Users to Protect Against the Rise in Smishing, Business Text Compromise and Fraud (PR Newswire) SlashNext, the leader in SaaS-based Integrated Cloud Messaging Security across email, web, mobile, and brand for the modern workforce, today...
Dell Technologies Delivers Zero Trust, Cybersecurity Solutions to Protect Multicloud and Edge Environments (PR Newswire) News summary Zero Trust Center of Excellence provides a cybersecurity blueprint for customers to test their environments on a U.S. Department...
Introducing Tenable One: Industry-First Exposure Management Platform (Tenable®) Provides unified visibility into exposures, identifies attack paths and enables more efficient risk management Tenable®, the Exposure Management company, today announced the release of Tenable One, a revolutionary Exposure Management platform that unifies discovery and visibility into all assets and assesses their exposures and vulnerabilities across the entire attack surface for proactive risk management.
SITA partners with Versa NETWORKS to DELIVER A TAILOR-MADE SECURE SD-WAN solution BUILT FOR the air transport industry (PR Newswire) SITA today announced a new partnership with Versa Networks, the recognized secure access service edge (SASE) leader, that will launch SITA...
Google Discontinues Translate Service in Mainland China (CNET) The service was one of Google's last remaining offerings in the country.
LiveAction adds new SOC-focused features to ThreatEye NDR platform (CSO Online) A SOC-specific user interface that supports analyst workflows and enhanced predicative threat intelligence capabilities are among the new features.
Democratizing AppSec with Contrast Security’s new free developer tool, CodeSec! (Security Boulevard) In this session of RedMonk conversations. Senior analyst Rachel Stephens is joined by Contrast Security co-founder and CTO Jeff Williams for a lively conversation about the Application Security (AppSec) market.
Dynatrace overhauls AIOps back end, beefs up log analytics (SearchITOperations) A new data lakehouse architecture could help Dynatrace AIOps tools compete more aggressively in log analytics against the likes of Splunk and Elastic.
LogRhythm Introduces Ground-Breaking, Cloud-Native Security Operations Platform (Business Wire) LogRhythm Axon’s intuitive analyst experience and enhancements to LogRhythm SIEM, NDR & UEBA empower security teams to detect and disarm cyberthreats
SecureAuth Strengthens Its Channel with Grupo TRC and SDG as New Channel Partners to Deliver Market-Leading Passwordless Continuous Authentication (SecureAuth) Partnership Greatly Expands on SecureAuth’s Selling and Delivery Reach Globally IRVINE, Calif. – October 5, 2022 – SecureAuth, a leader in next-gen authentication and access management, announces new partnerships with Grupo TRC and SDG. The SecureAuth Partner Program offers partners a differentiated and game-changing next-gen authentication solution with Arculix to jointly solve organizations’ identity security […]
NetWitness Launches White Hat Wednesdays Conversation Series (Business Wire) NetWitness: DATE & LOCATION: To register, visit the White Hat Wednesdays link here. Wednesday, October 19 at 11:30am ET Wednesday, November 16 at
Technologies, Techniques, and Standards
Cybersecurity Awareness Month 2022: Enabling Multi-factor Authentication Key behavior: Multi-factor Authentication (NIST) In celebration of Cybersecurity Awareness Month, NIST will be publishing a d
Hacktivists seek to aid Iran protests with cyberattacks and tips on how to bypass internet censorship (CNBC) Anonymous and other hacking groups have organized online to orchestrate cyberattacks on Iranian officials and institutions.
Snowflake Makes It Easy For Anyone to Fight Censorship (Electronic Frontier Foundation) Tor, the onion router, remains one of the most effective censorship circumvention technologies. Millions of people use the Tor network every day to access the internet without fear of surveillance and censorship.Most people get on the Tor network by downloading the Tor Browser and connecting to a...
To avoid insider threats, try empathy (Help Net Security) In this interview with Help Net Security, Nathan Hunstad, Deputy CISO at Code42, explains the importance of addressing insider threats.
CISOs and board members view cyber risk through different lens (SC Media) There is a disconnect between the boardroom and CISOs when evaluating cyber risk, according to new research from cybersecurity firm Proofpoint and MIT Sloan.
What cybersecurity executives would do with a blank check (Protocol) Many leaders say they'd use their blank check to instill a security-first culture or bring in new talent.
How to best protect against online scams targeting service members (Military Times) With online scams against active and retired military personnel and their families growing at an exponential rate, experts are touting some basic reminders
Research and Development
Nobel Prize in Physics goes to scientists who paved the way for quantum computing (Space.com) The understanding of entangled photons has led to a plethora of practical applications, including quantum cryptography.
Academia
Post-graduate degree in offensive cyber security offered by Canadian university | IT World Canada News (IT World Canada) A Canadian university is adding to its cybersecurity-related graduate programs for infosec pros who want to beef up their resumes. Toronto's York University said its school of continuing studies is launching a Post-Graduate Certificate in Offensive Cyber Security to help infosec pros be proactive in protecting organizations' networks and computer systems from cyberattacks. The full-time,
York University School of Continuing Studies launches Canada's first university-level Post-Graduate Certificate in Offensive Cyber Security (Yahoo) Today, the York University School of Continuing Studies announced the launch of a new full-time Post-Graduate Certificate in Offensive Cyber Security. This program—the first to be offered in Canada by a post-secondary institution—will prepare domestic and international students to be proactive in protecting organizations' networks and computer systems from cyberattacks.
Legislation, Policy, and Regulation
Donelan hints at replacing GDPR with British alternative (Computing) But industry is confused by the scrapping of Data Reform Bill
Tech Minister pushes for cyberspace protection bill (The Edition) A bill on cyberspace protection, cyber crime and government's digital services is currently on the works. Minister of Environment, Climate Change and Technology Ms. Aminath Shauna made the confirmation, that such a bill was currently being
Biden's AI Bill of Rights Is Toothless Against Big Tech (WIRED) The draft's tenets include allowing citizens to opt out of algorithmic decisionmaking, which could reshape federal government—but not the private sector.
New US DHS grant program can boost local governments’ cybersecurity strength (CSO Online) The cybersecurity grant program is designed to initiate state and local governments projects but does not provide ongoing operating funds.
Hamden mayor estimates $500,000 cost to address spring cyberattack (New Haven Register) It has taken months to rebuild the network, but officials now believe they know how the...
Litigation, Investigation, and Law Enforcement
Mexico president denies spying on critics after Pegasus allegations (Reuters) Mexican President Andres Manuel Lopez Obrador denied on Tuesday that his administration spied on journalists or opponents after a report that the phones of at least three people investigating human rights abuses were infected with Pegasus spyware.
Mexico: reporters and activists hacked with NSO spyware despite assurances (the Guardian) Country’s current government had sworn it would no longer use the hacking software
Supreme Court to scrutinize U.S. protections for social media (Reuters) The U.S. Supreme Court on Monday agreed to hear a challenge to federal protections for internet and social media companies freeing them of responsibility for content posted by users in a case involving an American student fatally shot in a 2015 rampage by Islamist militants in Paris.
The Supreme Court has steered clear of immunity for tech companies — until now (San Francisco Chronicle) The Supreme Court, in terrorism cases from San Francisco, will decide whether federal law...
Judge says Twitter can search Musk team’s texts for Twitter whistleblower details (The Verge) But Elon might have just agreed to buy the company.
Romance scammer and BEC fraudster sent to prison for 25 years (Naked Security) Two years of scamming + $10 million leeched = 25 years in prison. Just in time for #Cybermonth.
SEC Charges Kim Kardashian for Unlawfully Touting Crypto Security (US Securities and Exchange Commission) The Securities and Exchange Commission today announced charges against Kim Kardashian for touting on social media a crypto asset security offered and sold by EthereumMax without disclosing the payment she received for the promotion. Kardashian agreed to settle the charges, pay $1.26 million in penalties, disgorgement, and interest, and cooperate with the Commission’s ongoing investigation.
Netwalker ransomware affiliate sentenced to 20 years in prison (BleepingComputer) Former Netwalker ransomware affiliate Sebastien Vachon-Desjardins has been sentenced to 20 years in prison and demanded to forfeit $21.5 million for his attacks on a Tampa company and other entities.
NetWalker affiliate sentenced to 20 years in prison (The Record by Recorded Future) A Canadian affiliate of the NetWalker ransomware group was sentenced to 20 years in prison Tuesday for his role in a hacking campaign targeting a Florida company.
Magellan Health Settles Healthcare Data Breach Lawsuit For $1.43M (Health IT Security) The healthcare data breach lawsuit stemmed from a 2019 phishing attack at Magellan Health that impacted 273,000 individuals.
Google to Pay $85 Million to Settle Arizona User-Tracking Suit (Wall Street Journal) The search giant will pay $85 million to resolve a suit claiming that it recorded users’ locations even after they tried to turn off the company’s tracking on smartphones and web browsers.