Dateline Moscow, Kyiv, and New York: Annexations rebuked at UN as Russia relies on a missile campaign.
Ukraine at D+231: Ukrainian infrastructure recovers from missile strikes. (CyberWire) The UN General Assembly condemns Russia's attempted annexation of conquered provinces. Ukrainian power and communications infrastructure recovered relatively rapidly from the continuing wave of Russian missile strikes. President Putin warns of "terrorist" attacks against infrastructure (it's an ambiguous warning--blame the Anglo-Saxons, but remember what the Russians can do to you).
Russia-Ukraine war: List of key events, day 232 (Al Jazeera) As the Russia-Ukraine war enters its 232nd day, we take a look at the main developments.
Russia-Ukraine war live: Ukraine’s power grid ‘stable’ after Russian air strikes; Putin proposes ‘gas hub’ in Turkey (the Guardian) Ukraine rules out emergency blackouts after Russian strikes targeted energy infrastructure; Russian president meets Turkish president in Kazakhstan
Ukraine War Updates: Starlink an "essential part" of Ukraine infrastructure (Newsweek) Russian air strikes continue in Ukraine as Kyiv asks allies for more air defense systems.
Ukraine war latest: Ukraine joining Nato 'would guarantee World War Three', says Russia (The Telegraph) Ukraine joining Nato would mean "a guaranteed escalation" to a third world war, the deputy secretary of Russia's Security Council has said.
Ukraine's Kyiv area hit by Iranian-made kamikaze drones (AP NEWS) Ukraine’s capital region was struck by Iranian-made kamikaze drones early Thursday, officials said, sending rescue workers rushing to the scene as residents awoke to air raid sirens for the fourth consecutive morning following Russia’s major assault across the country earlier this week.
Russia's war in Ukraine (CNN) The UN General Assembly overwhelmingly approved a resolution telling Russia its annexation of four Ukrainian zones is illegal as NATO defense ministers reaffirmed their commitment to support Kyiv with military aid. Follow live updates here.
The U.N. Charter Is Working Better Than It Seems in Ukraine (World Politics Review) The UN Charter is working exactly as was envisioned, and perhaps even better than its framers hoped, in Ukraine.
Ukraine Will Push to Reclaim More Territory Through Winter, U.S. Defense Chief Says (New York Times) In the wake of Russia’s attacks on civilian targets across Ukraine, Defense Secretary Lloyd J. Austin III signaled that the United States’ commitment to providing arms to Kyiv would be open-ended.
Ukrainian forces 'shoot down four Russian helicopters in 18 minutes' (The Telegraph) Ukraine’s armed forces on Wednesday downed four Russian helicopters in 18 minutes in the south of the country.
Putin’s Air-Terror Campaign Against Ukraine Is Already Failing (Washington Post) In the rapidly shifting Ukraine war, the growing failure of Russian President Vladimir Putin’s ground game is causing him to seek asymmetrical responses. Most visibly, he is turning to what is essentially a terror-bombing campaign against the civilian population of Ukraine.
Milley calls Russia’s attack on Ukrainian civilian sites a ‘war crime’ (The Hill) Joint Chiefs of Staff Chairman Gen. Mark Milley on Wednesday called Russia’s most recent attacks on Ukrainian civilian sites a “war crime.” “Russia has deliberately struck civilian infra…
Ukraine's nuclear plant regains power supply after 2nd cut in a week (Axios) The plant was once again forced to rely on emergency diesel generators for necessary safety operations.
Suspicions raised after Russia's series of arrests of 'saboteurs' (The Telegraph) The FSB intelligence agency said it detained eight people allegedly involved in the attack but arrest footage raises questions
Vladimir Putin warns that all world infrastructure at risk of ‘terror attacks’ (The Telegraph) Russian leader says the Nord Stream gas pipeline explosions were an act of terror that set ‘the most dangerous precedent’
Ukraine’s Path to Victory (Foreign Affairs) How the country can take back all its territory.
Pre-ministerial press conference by NATO Secretary General Jens Stoltenberg ahead of the meetings of NATO Defence Ministers (NATO) Good afternoon. NATO Defence Ministers will meet this week at an important moment for transatlantic security. We will review our progress on strengthening NATO’s deterrence and defence.
We will further increase the protection of our critical infrastructure, in light of the sabotage of the Nord Stream pipelines.
“General Armageddon” & Putin’s Bridge to Nowhere (Puck) The strategic and psychological impact of the latest dark turn in Russia’s war on Ukraine.
Russia’s new commander in Ukraine was decorated after brutality in Syria (Washington) Russia’s missile strikes on Ukrainian cities Monday, which President Vladimir Putin said targeted “energy, military command and communications facilities,” also hit downtown streets, a playground and residential areas, bearing a grim resemblance to Russia’s brutally indiscriminate military style in Syria, where the Kremlin’s new top commander of the war on Ukraine, Gen. Sergei Surovikin, rose to prominence.
The cutting-edge British weapons that will help Ukraine defend its skies (The Telegraph) Britain announced on Wednesday that it was donating cutting-edge anti-aircraft missiles capable of shooting down cruise missiles
US pushes patchwork air defense for Ukraine amid Russian blitz (Defense News) Ukraine’s allies need to “chip in” to create a complex mix of air defenses, says Gen. Mark Milley.
EXPLAINER: US weapons systems Ukraine will or won't get (AP NEWS) WASHINGTON (AP) — Ukrainian leaders are pressing the U.S. and Western allies for air defense systems and longer-range weapons to keep up the momentum in their counteroffensive against Russia and fight back against Moscow's intensified attacks.
Nuclear threats are all defeated Putin has left (The Telegraph) The West should not give into blackmail, but see the Russian president’s rants for the bluster they are
Internet outages hit Ukraine following Russian missile strikes (Bitdefender) Ukraine has seen internet outages this week following renewed missile attacks from Russian forces.
Starlink helped restore energy, communications infrastructure in parts of Ukraine - official (Reuters) SpaceX's Starlink services helped restore energy and communications infrastructure in Ukraine's critical areas, the country's Vice Prime Minister Mykhailo Fedorov said on Wednesday.
Ukraine’s Vice PM Thanks Starlink for Help to Restore Connections After Missile Attack from Russia (Tech Times) Starlink is a massive help for Ukraine in the present, and it will continue with its service for all.
We must tackle Europe’s winter cyber threats head-on (POLITICO) If we subscribe to a narrative of fear, we’re doing the Kremlin’s work for it. It’s time to prepare, not panic.
The conflict in Ukraine makes us rethink cyberwar (The Japan Times) Russia’s much vaunted and expected massive cyberattack on Ukraine never materialized and there are various reasons why.
Baltic nations long warned about Russia. Now, maybe the West is listening. (Washington Post) Since the start of Russia’s full-scale invasion of Ukraine, Kyiv’s strongest allies against President Vladimir Putin have been the nations that know his Soviet playbook best: Estonia, Latvia, Lithuania and Poland, all invaded and brutalized by the Soviet Union and historically wary of Russia.
The U.S. and Europe Must Relearn How to Fight an Industrial War (World Politics Review) The war in Ukraine is a reminder that the US and Europe must fundamentally change how they prepare for war outside of failed states.
Cannibalizing the arsenal of democracy in turbulent times (Military Times) The Pentagon should consider cutting back on research and development funding and ramping up procurement to protect the arsenal of democracy.
V Corps commander: After Russian invasion, NATO presented with 'historic opportunity' (Breaking Defense) European nations are willing to spend "money to modernize their equipment and replenish their stocks, but also money to train their forces," said Lt. Gen. John Kolasheski.
The End of the Post-Soviet Order (Foreign Affairs) How Putin’s war has hurt Russia in Central Asia and the Caucasus.
White House Weighs Ban on Russian Aluminum Over Ukraine War Escalation (Bloomberg) Crucial consumer metal was shielded from earlier US sanctions. Move could force key industries into rush for replacements.
As Europe falls into recession, Russia climbs out (The Economist) Real-time data show a subdued but strengthening economy
Attacks, Threats, and Vulnerabilities
Budworm: Espionage Group Returns to Targeting U.S. Organizations (Symantec Blog) Recent attacks by group have spanned continents and include first confirmed attacks seen against the U.S. in a number of years.
Report: Lebanon-based hacking group attacked Israeli targets with custom backdoors (The Record by Recorded Future) The advanced persistent threat (APT) group known as Polonium attacked more than a dozen organizations using at least seven custom backdoors since September of last year, according to a new report from ESET.
WhatsApp Users Beware: Dangerous Mobile Trojan Being Distributed via Malicious Mod (Dark Reading) Among other things, users who download the app could end up having their WhatsApp account details stolen.
Airborne Drones Are Dropping Cyber-Spy Exploits in the Wild (Dark Reading) Drone-based cyberattacks to spy on corporate targets are no longer hypothetical, one incident from this summer shows.
Wi-Fi spy drones used to snoop on financial firm (Register) Check your rooftops: Flying gear caught carrying network-intrusion kit
Spoofing Google Translate to Steal Credentials (Avanan) Hackers are spoofing Google Translate to get into the inbox and steal credentials.
Fresh Phish: Small Business COVID-19 Grants Designed for Disaster (INKY) COVID took its toll on small businesses. It’s estimated that 200,000 closed their doors for good. For those left fighting, government loans and grants were often a welcomed sight. Those same familiar grants are now being used as bait by cyber criminals in a sophisticated credential harvesting and brand impersonation scheme that uses Google Forms.
Hackers Using Vishing to Trick Victims into Installing Android Banking Malware (The Hacker News) Cyber criminals are resorting to voice phishing tactics (vishing) to trick their victims into installing Android malware on their devices.
Fortinet warns that critical authentication bypass flaw has been exploited (ZDNET) US federal agencies need to quickly patch this critical Fortinet authentication bypass.
Fortinet authentication bypass flaw exploited in the wild; security experts call patching critical (SC Media) This exploit functions as a vulnerability in the HTTP/S admin access to most Fortinet solutions. Any organizations that deployed Fortinet devices running FortiOS, FortiProxy, or FortiSwitchManager should immediately respond to this alert.
More than 5,000 phishing e-mails impersonating Case officers sent after cyber attack (The Straits Times) Case said the unauthorised access was limited to consumers' e-mail addresses.
Medibank Private hit by cyber attack, but says no sensitive data accessed (ABC) The health insurer says it detected "unusual activity" on its network on Wednesday, and clients will face disruptions.
Decentralized Solana-based trading platform Mango reportedly hit by $100 million exploit (Fortune) This potential exploit is among a string of hacks to hit the crypto ecosystem recently.
Crypto trading platform Mango Markets drained of more than $100 million in flash loan attack (The Record by Recorded Future) Cryptocurrency trading platform Mango Markets was robbed of more than $100 million on Tuesday night after a successful flash loan attack.
Financial data of over 9 mn cardholders leaked, including from SBI: Researchers (The Siasat Daily) Cyber-security researchers on Wednesday said they have discovered a massive leak involving over nine million cardholders'
Thousands of Aussies caught up in global credit card cyber-breach (7NEWS) A leaked database of credit card information - including that of more than 12,000 Australians - has been found on the dark web.
Tucson data breach puts 123,500 individuals’ information at risk (Arizona Daily Star) A data breach in May could have leaked individuals' names, Social Security numbers, driver’s license or state identification numbers and passport numbers.
Let’s Not Downplay the Threat of Cyber Attacks in Commercial Real Estate (Propmodo) In July 2021, a ransomware gang named BlackMatter emerged from the internet's dark corners. A threat intelligence software company, Flashpoint, said the
What's on your network? These are the devices most at risk of getting hacked (ZDNET) Connected devices are becoming more common at home and in the workplace - but if they're not secured properly, that could leave you vulnerable.
Security Patches, Mitigations, and Software Updates
Adobe Releases Security Updates for Multiple Products (CISA) Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE-2022-40684 CISA KEV Breakdown (Nucleus Security) In this Breakdown, Nucleus experts have found 1 notable vulnerability in the October 11, 2022 CISA Known Exploitable Vulnerabilities release.
Patch your iPhone now against mystery Mail crash bug (Graham Cluley) iOS 16.0.3 has been pushed out by Apple, and my advice is that you should install it.
Signal will remove support for SMS text messages on Android (BleepingComputer) Signal says it will start to phase out SMS and MMS message support from its Android app to streamline the user experience and prioritize security and privacy.
Microsoft adds new RSS feed for security update notifications (BleepingComputer) Microsoft has now made it possible to receive notifications about new security updates through a new RSS feed for the Security Update Guide.
Trends
Cloudflare DDoS threat report 2022 Q3 (Cloudflare) Welcome to our DDoS Threat Report for the third quarter of 2022. This report includes insights and trends about the DDoS threat landscape - as observed across Cloudflare’s global network.
Over a quarter of firms have suffered data breaches costings millions: PwC (ReinsuranceNe.ws) A new report from PwC says that 27% of companies have suffered a data breach leading to costs between $1m and $20m in the last three years. The survey,
Attackers Use Automation to Speed from Exploit to Compromise According to Lacework Labs Cloud Threat Report (PR Newswire) Lacework®, the data-driven cloud security company, today released the fourth Lacework Labs Cloud Threat Report and subsequently launched a new,...
Discover the Cloud Threat Report 2022 Vol. 4 | Lacework (Lacework) Take a deep dive into Lacework's Cloud Threat Report 2022 Volume 4 and discover recent vulnerabilities and attacks, plus proactive measures you can take.
Latest GuidePoint Research and Intelligence Team (GRIT) Ransomware Trends Report Underscores High Threat Group Turnover and Consistent Targeting of Manufacturing and Technology Industries (GuidePoint) The GuidePoint Security Threat Intelligence Team’s Q3 2022 Ransomware Analysis Shows Lockbit Still the Most Active Threat Actor
GRIT Ransomware Report – Q3 (GuidePoint Security) September brought yet another ransomware-filled quarter to a close. Although GRIT observed a slight slowdown in ransomware activity from the rates observed during Q2, ransomware continues to be the most prolific threat that organizations face across all industry verticals.
E-Commerce Losses to Online Payment Fraud to Exceed $48B Globally in 2023, as Fraud Incursions Evolve (Dark Reading) Study estimates a 16% growth in e-commerce fraud losses in just 12 months.
Preventing data breaches, safeguarding remote workers are top priorities and outcomes for companies (News Powered by Cision) Respondents to a recent survey identified a variety of different priorities and security outcomes
Cyber Security Priorities & Outcomes (WithSecure) We asked over 3000 IT decision makers, IT influencers, and top management from organizations in 12 different countries about a variety of business and cyber security topics, including their security priorities and challenges.
Marketplace
Nudge Security emerges from stealth to address security's hardest problem: people. (PR Newswire) Nudge Security emerged from stealth today with the first-ever SaaS security solution to discover shadow IT and curb SaaS sprawl across any...
Immersive Labs Secures $66 Million in New Capital and Expands its Leadership Team to Accelerate Growth (Immersive Labs) New Raise Led by Ten Eleven Ventures, with Participation from Existing Venture Investors, Strengthens Immersive Labs’ Leadership Position in the Cyber Workforce Resilience Category
WSJ News Exclusive | Vista Equity Strikes Deal to Acquire Cybersecurity Provider (Wall Street Journal) The private-equity firm has agreed to pay $24.90 a share to acquire KnowBe4, based in Clearwater, Fla., in a rare leveraged buyout.
Vista Equity Partners to Acquire Security Awareness Training Firm KnowBe4 for $4.6B (SecurityWeek) Security awareness training company KnowBe4 will go private after being acquired by Vista Equity Partners for $4.6 billion in cash.
Red Sift Acquires Hardenize to Redefine Enterprise Attack Surface Protection (Business Wire) Red Sift today announced that it has acquired global Attack Surface Management (ASM) innovator, Hardenize. The strategic move enables Red Sift to enri
Cyolo Receives Investment from IBM Ventures for Zero Trust Secure Access Platform (Cyolo) Cyolo, creator of a zero-trust identity-based access solution for IT and OT, announced today a new investment from IBM Ventures.
CYE to Offer Leading Security Solutions for Listed Companies as it Becomes Member of London Stock Exchange's Marketplace (PR Newswire) CYE, the industry leader in cybersecurity optimization platforms, announced today that it has become a member of the London Stock Exchange's...
Former NSO CEO, Ex-Austrian Chancellor Start Cybersecurity Firm (Bloomberg.com) The former chief executive officer of Israeli spyware company NSO Group, Shalev Hulio, has joined with ex-Austrian Chancellor Sebastian Kurz to found a new cybersecurity startup focused on protecting critical infrastructure.
Thoma Bravo to Acquire ForgeRock in $2.3B Deal (Dark Reading) This marks the third identity and access management (IAM) company acquired by Thoma Bravo in just the past few months.
Vanta lands $40M to automate cybersecurity compliance (TechCrunch) Vanta, a security compliance automation startup, has raised $40 million in extension of the Series B round it closed several months ago.
Darktrace backs annual guidance but cautions on strong dollar (MorningstarUK) Cybersecurity firm Darktrace PLC on Wednesday backed annual guidance, but said ...
Snyk Joins Pledge 1% Movement, Commits to Continued Growth of Snyk Impact (GlobeNewswire News Room) Company Awarded This Year’s Pledge 1% Impact Honor in Recognition of Snyk Impact’s Momentum to Date...
Corelight Appoints Dr. Kelley Misata to Lead Open Source Strategy (Corelight) Former OISF executive director Dr. Kelley Misata joins Corelight to drive ongoing open source engagements, partnerships and technology initiatives.
Blueshift Cybersecurity Hires Veteran COO to Lead Growing SOC-as-a-Service Platform Business (Blueshift Cybersecurity) Johnny Calhoun brings 20 years of experience - including work at Nisos, PhishLabs, and Secureworks – to Build on Blueshift's Rapid Growth with MSSPs and MSPs
Zluri Hires Todd Dekkinga as Chief Information Security Officer (PRWeb) Zluri, provider of an enterprise SaaS Management Platform, today announced Todd Dekkinga has joined the company as Chief Information Security Office
Former IBM VP Mandy Long Becomes CEO of BigBear.ai (GovCon Wire) Mandy Long Named BigBear.ai CEO, Board Member.
Products, Services, and Solutions
Blumira Achieves Service Organization Control (SOC) 2 Type 2 Certification (Blumira) Blumira is officially SOC 2 Type 2 certified. Learn how Blumira helps customers meet compliance requirements, too.
Sonrai Security Named 2022 TAG Cyber Distinguished Vendor (Sonrai) Top security analyst firm, TAG Cyber, selects Sonrai Security as Distinguished Vendor in cloud security for identity and data platform
Palo Alto Networks Ushers in the Next-Generation Security Operations Center With General Availability of Cortex XSIAM -- the Autonomous Security Operations Platform (Palo Alto Networks) Early adopters reaping the benefits of improved SOC operations and efficiencies SANTA CLARA, Calif., Oct. 12, 2022 /PRNewswire/ -- Delivering on the promise to help organizations leverage massive...
Zeek is Now a Component of Microsoft Windows (Corelight) Zeek, world’s leading open source network security monitoring platform, now deployed on more than one billion global endpoints via Microsoft Windows
AMD SEV-SNP confidential VM nodes are now generally available in AKS (Microsoft Tech Community) Application development continues to move towards a container-based approach, and our efforts in securing this space bring us to this exciting launch. Earlier this year, we previewed confidential VM nodes in Azure Kubernetes Service (AKS), a leader in development and deployment of cloud native apps....
Announcing general availability of guest attestation for confidential VMs (Microsoft Tech Community) Establishing that the underlying cloud infrastructure or a cloud service is in a desired good state is paramount in a confidential computing environment. Minimally, a desired good state is one where the underlying trusted execution environment provides memory and integrity protection. Without an est...
Azure Virtual Desktop security best practices - Azure (Microsoft Ignite) Best practices for keeping your Azure Virtual Desktop environment secure.
Migrate your sensitive data to SQL Server on Azure confidential VMs (Microsoft Tech Community) Azure confidential VMs provide a strong, hardware-enforced boundary that hardens the protection of the guest OS. Choosing a confidential VM size for your SQL Server on Azure VM provides an extra layer of security, allowing you to confidently store your sensitive data in the cloud and meet strict com...
Breakwater Revolutionizes Data Privacy Market with an Efficient, Cost-Effective Solution for Companies Who Need to Manage Unstructured Data (PR Newswire) Breakwater, a leader in data risk management solutions, today announced the launch of an efficient, cost-effective privacy solution for...
Portnox Debuts First Cloud-Native IoT Fingerprinting and Profiling Solution (Portnox) Portnox's new cloud-native IoT fingerprinting capabilities give customers enhanced confidence in their IoT security posture.
Vectra advances Security AI to deliver groundbreaking Attack Signal Intelligence™ -- empowering security teams to investigate and respond to attacks in real-time (PR Newswire) Vectra AI, the leader in Security AI-driven hybrid cloud threat detection and response, today announced Attack Signal Intelligence –...
Code42 Partners with Tines to Scale and Accelerate Response to Insider Risk Events (Business Wire) Code42 Software, Inc., the Insider Risk Management (IRM) leader, today announced that it is working with Tines, a no-code automation platform for secu
HxGN EAM chosen by Post Consumer Brands for standardization (Hexagon) Hexagon’s Asset Lifecycle Intelligence division today announced that HxGN EAM has been selected by Post Consumer Brands, which will standardize the industry-leading SaaS-based enterprise asset management (EAM) software across its entire Post Consumer Brands business.
Achieving Real-Time OT Monitoring and Mitigation with Dragos, Sentar, and Siemens Government Technologies: A MOSAICS Compatible Solution (Dragos | Industrial (ICS/OT) Cyber Security) Learn about our technology integration with Siemens Government Technologies & Sentar that provides an OT security solution that meets 2022 NDAA requirements.
Proofpoint Introduces Advanced Email Protection Integration with Microsoft Defender for Endpoint (Proofpoint) Proofpoint Inc., a leading cybersecurity and compliance company, today announced integration with Microsoft Defender to provide organizations with advanced threat protection across email and endpoints.
Proofpoint Expands Threat Protection Platform with New Deployment, Detection, and Behavioral Analytics Innovations (Proofpoint) Proofpoint Inc., a leading cybersecurity and compliance company, today announced an array of new innovations across its Threat Protection Platform at the 2022 Microsoft Ignite Conference, enabling organizations to combat today’s most advanced and prevalent threats such as Business Email Compromise (BEC) and supply chain attacks.
Axiad Announces Support for Microsoft Azure Active Directory Certificate-Based Authentication (CBA) (Business Wire) Axiad announces support for Microsoft’s CBA, helping Active Directory (AD) users move securely to the cloud with phishing-resistant MFA.
KuppingerCole Highlights Axiad as a Top Passwordless Authentication Provider (Axiad) Top IT analyst KuppingerCole recently published its report on passwordless authentication and found Axiad to be a leader in the sector. Read the report to learn more.
Thales partners with Monaco Cyber Sécurité to strengthen cyber response capabilities (Thales Group) On Wednesday, 12 October 2022, at Les Assises de la Sécurité, Monaco Cyber Sécurité (MCS) and Thales announced a new partnership to strengthen cybersecurity incident-response capabilities.
Malwarebytes Launches Managed Detection and Response Solution to Reinforce Security Operations of Resource-Limited Organizations (PR Newswire) Malwarebytes™, a global leader in real-time cyber protection, today launched Malwarebytes Managed Detection and Response (MDR), which combines...
Red Canary is recognized with Microsoft verified Managed XDR solution status (PR Newswire) Red Canary today announced it has achieved Microsoft verified Managed Extended Detection and Response (MXDR) solution status. By achieving this...
Conceal and Spire Solutions Sign International Partnership Agreement for Zero Trust Security at GITEX 2022 (Business Wire) Conceal, the leader in Zero Trust isolation and ransomware prevention technology, and Spire Solutions, a leading value-added distribu
FIDO Alliance Announces Document Authenticity Certification Program for Remote Identity Verification (PR Newswire) The FIDO Alliance today announced the latest addition to its range of certification programs to address the rising need for stronger, simpler...
Forter Launches Smart Claims to Combat Chargeback Fraud and Increase Win Rates (Business Wire) Forter announces the launch of Smart Claims, a new product offering designed to help businesses manage chargebacks more effectively.
Vaultree Launches Preview of Fully Homomorphic and Searchable Cloud Encryption Solution via Google’s AlloyDB (Business Wire) Vaultree today announced the release of its Data-in-Use Encryption for Google’s AlloyDB - available now for preview trial. As a launch partner with Go
Technologies, Techniques, and Standards
Cybersecurity Awareness Month 2022: Using Strong Passwords and a Password Manager (NIST) The key behavior that we are highlighting this week for Cybersecurity Awareness
Moving Left and Right: Cybersecurity Processes and Outcomes in M&A Due Diligence - CLTC UC Berkeley Center for Long-Term Cybersecurity (CLTC) A new study from the Center for Long-Term Cybersecurity presents a model framework to help organizations improve their consideration of cybersecurity risk as part of a merger or acquisition (M&A). Developed through interviews with academics and practitioners who are experts in M&A, the report, Moving Left and Right: Cybersecurity Processes and Outcomes in M&A Due Diligence, integrates insights and best practices to improve on due diligence for security risk.
Firms which really get cyber security will reap the dividends (Jersey Evening Post) The world’s increasing reliance on the internet to run crucial infrastructure has shown how important cyber security is for utilities, businesses and countries. Former deputy head of GCHQ Marcus Willett tells Emily Moore how companies must mitigate...
Cyberattacks surge, how to stay safe virtually when travelling in the real world (WIT) DATA breaches, cyberattacks, information theft –
Design and Innovation
Google Rolling Out Passkey Passwordless Login Support to Android and Chrome (The Hacker News) Google is rolling out support for Passkeys, the next-generation passwordless authentication standard, to both Android and Chrome.
Research and Development
Georgia Tech to investigate cutting-edge cyber security software and testing to foil enemy computer hackers (Military & Aerospace Electronics) Red teams use tactics that mimic cyber threats to evade network defenders and assess how critical networks fare against a determined cyber attack.
Legislation, Policy, and Regulation
Govt may extend deadline for Cert-In cyber rules by 3 months to help MSMEs (Business Standard) According to Cert-In's guidelines, all enterprises, intermediaries, data centres and govt organisations are required to report any data breach to the government within six hours of becoming aware of it
Iranian diplomat urges the world to heed security threats in cyberspace, outer space (Tehran Times) The threat posed by weapons of mass destruction (WMDs) to humanity's existence has been reiterated by an Iranian diplomat, who also urged the international community to address conventional and novel security issues in cyberspace and outer space.
EU-US data sharing agreement: Is it a done deal? (Computerworld) With both Privacy Shield and Safe Harbor having been previously struck down by legal challenges, experts question whether US President Biden’s executive order implementing the new Trans-Atlantic Data Policy Framework will stand up to scrutiny.
US Chip Sanctions ‘Kneecap’ China’s Tech Industry (WIRED) The toughest export restrictions yet cut off AI hardware and chip-making tools crucial to China’s commercial and military ambitions.
New White House national security strategy light on cyber specifics (The Record by Recorded Future) The Biden administration on Wednesday issued its national security strategy, reaffirming its commitment to strengthening the country’s digital defenses and combating cybercriminals, while providing few new details.
Why CISA Won’t Release ‘Public’ Comments on Upcoming Performance Goals (Nextgov.com) CISA officials often stress their non-regulatory role, but Congress keeps trying to give the agency regulatory responsibilities.
The US Army Should Defend Soldiers Online, Too, Top Enlisted Soldier Says (Defense One) ‘I got your back’, says Sgt. Maj. Grinston, who subtweeted critics of women in the military on Twitter, seeming to contradict the Army secretary.
Litigation, Investigation, and Law Enforcement
Crypto Advocacy Group Sues U.S. Treasury Over Tornado Cash Sanctions (Wall Street Journal) Coin Center, a Washington, D.C.-based crypto research and advocacy group, filed suit against the Treasury, asking it to remove Tornado Cash from its sanctions list.
The company that owns Shein will pay New York state $1.9 million for data breach (The Verge) It told customers their stolen passwords had expired
BREAKING: BNSF Loses First Ill. Biometric Privacy Trial (Law360) A Chicago federal jury on Wednesday sided with a class of more than 44,000 truck drivers who sued BNSF Railway in the first case under Illinois' biometric privacy law to go to trial, exposing the company to up to $228 million in damages.
First Illinois Biometric Privacy Trial Ends in BNSF Loss (2) (Bloomberg Law) A class of more than 45,000 truck drivers won a $228 million judgment in the first biometrics privacy class action to go to trial in Illinois, after a jury found that BNSF Railway Co. violated state law by collecting employee fingerprints without proper consent.
Conspiracy theorist Alex Jones ordered to pay $1bn in damages to families of Sandy Hook shooting victims (The Telegraph) Jones' disinformation website InfoWars could be pushed to declare bankruptcy in one of the highest defamation awards in US history